1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

3480 Commits

Author SHA1 Message Date
Günther Deschner
7b84b133fe r19161: Add NET_GETANYDCNAME (getdcname only gives the PDC while getanydcname
gives just any DC), also make sure to set timeouts in rpcclient
accordingly so that we actually get the DC's reply.

Guenther
(This used to be commit 6091c8152a)
2007-10-10 12:15:18 -05:00
Günther Deschner
e0b6961ac5 r19160: Add new WERR codes seen by working with NETLOGON getdcname.
Guenther
(This used to be commit 78b0124a6e)
2007-10-10 12:15:18 -05:00
Günther Deschner
adc299bd08 r19143: getdcname on the NETLOGON pipe returns WERROR, not NTSTATUS.
Guenther
(This used to be commit 44e228ac79)
2007-10-10 12:15:16 -05:00
Volker Lendecke
7ced2e983d r19028: Implement getprinterinfo level 6 (only the status) and get rid of snum in the
getprinter calls. Survives the RPC-SAMBA3-SPOOLSS test which I will activate
when the Samba4 build farm has picked it up.

Volker
(This used to be commit d7248b6cfa)
2007-10-10 12:15:03 -05:00
Stefan Metzmacher
7f9aca9772 r19026: we don't need this twice
metze
(This used to be commit 5d16aa61c6)
2007-10-10 12:15:03 -05:00
Günther Deschner
3727503872 r18986: Add some more GPO download helper functions.
Guenther
(This used to be commit d2db3b6b46)
2007-10-10 12:14:53 -05:00
Günther Deschner
031506eb51 r18983: Add some comments for the LDAP based GPO routines.
Guenther
(This used to be commit 2c21ee684c)
2007-10-10 12:14:53 -05:00
Günther Deschner
b80cbfc20e r18969: Fix typo.
Guenther
(This used to be commit 31f21282cd)
2007-10-10 12:14:52 -05:00
Gerald Carter
2326b147d0 r18963: * Move parts of registry headers that were still in
use to reg_objects.h
* Remove unused rpc headers
(This used to be commit 4f79d8c83d)
2007-10-10 12:14:51 -05:00
Stefan Metzmacher
93dc24eed9 r18950: I can't see where stropts.h and poll.h are needed
(I just removed the only reference to poll() in my last commit)

they were added in this commit, without make usage of them.

http://cvs.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.21&r2=1.22&f=h
http://cvs.samba.org/cgi-bin/cvsweb/samba/source/include/includes.h.diff?r1=1.105&r2=1.106&f=h

metze
(This used to be commit b852cf46c2)
2007-10-10 12:14:49 -05:00
Günther Deschner
9d931a8421 r18926: Add some useful macros.
Guenther
(This used to be commit 9be5cb27e4)
2007-10-10 12:14:47 -05:00
Volker Lendecke
611b5d29fc r18878: With the recent checkins for me Samba3 compiles again with the NTSTATUS/WERROR
checks enabled. I'll look at the build farm in a couple of hours and fix it if
not.

Volker
(This used to be commit 58583aa943)
2007-10-10 12:14:41 -05:00
Andrew Tridgell
78f2900a16 r18869: two build fixes for systems without ldap
the first is to not enable the ldap ldb backend just yet. This will
need configure tests to conditionally include. We should be able to
use the m4 files from lib/ldb/

The 2nd is to fix libads/gpo.o not to publicly prototype a function
that needs ldap.h
(This used to be commit 1cf17edc14)
2007-10-10 12:14:39 -05:00
Andrew Tridgell
96f2a97e01 r18858: arrgh! - since HAVE_IMMEDIATE_STRUCTURES were last enabled the code
can no longer handle it (at least with gcc 4.1.2). Disable it until
investigated and fixed properly.
(This used to be commit c8670b33b4)
2007-10-10 12:01:06 -05:00
Volker Lendecke
fe5123c2ec r18855: Tell the diff between WERROR and NTSTATUS
Volker
(This used to be commit 5cc4117692)
2007-10-10 12:01:05 -05:00
Günther Deschner
ed5f7cce2a r18818: Forgot header file.
Guenther
(This used to be commit 9da91022f9)
2007-10-10 12:01:03 -05:00
Stefan Metzmacher
21931b1ca8 r18810: use a copy of samba4's talloc under lib/talloc/
to make mergeing easier.

metze
(This used to be commit d49ffbc19b)
2007-10-10 12:01:02 -05:00
Jelmer Vernooij
7ba2554d88 r18802: Use the pidl-generated code for the srvsvc interface, both client and server code.
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399)
2007-10-10 12:00:59 -05:00
Jeremy Allison
3a60a67432 r18793: Fix BE string handling in the auto-generated
code. Should now work again with ASU.
Jeremy.
(This used to be commit 53e97bf928)
2007-10-10 12:00:58 -05:00
Gerald Carter
eab57a0a0f r18789: Replace the winreg server code with the libndr parsing code.
Many things work (OpenHKLM, etc...) but some still don't.
This shouldn't block anyone so I'm checking it in.
Will probably move to a bzr tree after this for
longer dev cycles between checkins.
(This used to be commit cf1404a0d7)
2007-10-10 12:00:57 -05:00
Jeremy Allison
f18c9365ca r18787: Fix the strlen_m and strlen_m_term code by merging
in (and using elsewhere) next_codepoint from Samba4.
Jerry please test.
Jeremy.
(This used to be commit ece00b70a4)
2007-10-10 12:00:57 -05:00
Stefan Metzmacher
beecb90440 r18784: hopefully fix the BOOL bug on AIX
metze
(This used to be commit 454d9590de)
2007-10-10 12:00:57 -05:00
Jelmer Vernooij
4db7642caa r18745: Use the Samba4 data structures for security descriptors and security descriptor
buffers.

Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db)
2007-10-10 12:00:54 -05:00
Gerald Carter
ed7f4ad60e r18717: remove old defines in preference of the flags in librpc/gen_ndr/srvsvc.h
(This used to be commit 080c51dd80)
2007-10-10 12:00:51 -05:00
Gerald Carter
a6ddf9bf5d r18711: Replace the following hand code client routines:
* rpccli_reg_abort_shutdown()
* rpccli_reg_flush_key()
Remove the cmd_reg.c from rpcclient since the entire file
was unused
(This used to be commit c4788f0c13)
2007-10-10 12:00:51 -05:00
Günther Deschner
a3e1f7e44d r18703: Fix the annoying effect that happens when nscd is running:
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.

Guenther
(This used to be commit 7db6ce295a)
2007-10-10 12:00:49 -05:00
Günther Deschner
d2106c1a3c r18679: Fix the build.
Guenther
(This used to be commit b42bd2bf9b)
2007-10-10 12:00:46 -05:00
Günther Deschner
5864fb9fc5 r18677: quickly add samr_GetDisplayEnumerationIndex for debugging to rpcclient.
Guenther
(This used to be commit bd546edc48)
2007-10-10 12:00:46 -05:00
Stefan Metzmacher
fb79acba60 r18664: this stuff is included from libreplace
metze
(This used to be commit 054728e071)
2007-10-10 12:00:45 -05:00
Jeremy Allison
664c3f4166 r18663: Fix one more uuid -> GUID.
Jeremy.
(This used to be commit e568271af2)
2007-10-10 12:00:44 -05:00
Stefan Metzmacher
921caa41e0 r18659: restore BOOL, sorry:-)
libreplace only provides 'bool' not BOOL

metze
(This used to be commit ce6a0723ff)
2007-10-10 11:52:20 -05:00
Jelmer Vernooij
4e7d11449a r18654: Rename "struct uuid" => "struct GUID" for consistency.
(This used to be commit 5de76767e8)
2007-10-10 11:52:19 -05:00
Stefan Metzmacher
bc82f70e0b r18653: this stuff is in libreplace...
metze
(This used to be commit 1dd0ed6134)
2007-10-10 11:52:19 -05:00
Stefan Metzmacher
af61cbdae9 r18651: this comment is wrong, was cut'n'paste...
metze
(This used to be commit e3b88fb655)
2007-10-10 11:52:19 -05:00
Stefan Metzmacher
c1837c24ae r18650: this isn't needed twice in include/includes.h
metze
(This used to be commit ee11275183)
2007-10-10 11:52:19 -05:00
Stefan Metzmacher
19cee7d056 r18649: the PRINTF_ATTRIUTE() macro is provided by libreplace
metze
(This used to be commit dd76f4f5f3)
2007-10-10 11:52:19 -05:00
Stefan Metzmacher
b0c3ad3925 r18648: this is provided by libreplace
metze
(This used to be commit cbc3f09263)
2007-10-10 11:52:18 -05:00
Stefan Metzmacher
8f153c6128 r18644: bring in libreplace in lib/replace
metze
(This used to be commit 596cbe73dd)
2007-10-10 11:52:03 -05:00
Stefan Metzmacher
47e6b7733a r18640: move to socket_wrapper to lib/socket_wrapper/
and sync it with samba4

metze
(This used to be commit 9c0e5b29f1)
2007-10-10 11:52:03 -05:00
Gerald Carter
738f168ecc r18623: starting on eventlog IDL
(This used to be commit 6cb7b6226d)
2007-10-10 11:52:01 -05:00
Günther Deschner
a812e2d7db r18619: Add rpcclient helper for samr_querydispinfo2|3 for testing.
Guenther
(This used to be commit 1a307954e5)
2007-10-10 11:52:00 -05:00
Stefan Metzmacher
258a465e20 r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.

metze
(This used to be commit 2f58645b70)
2007-10-10 11:51:59 -05:00
Jelmer Vernooij
e5db7fee0f r18572: Use the autogenerated client and server for the echo interface and implement
some of the missing functions. RPC-ECHO now passes against Samba3.
(This used to be commit 9e9a053661)
2007-10-10 11:51:51 -05:00
Gerald Carter
47debfd03a r18562: quick build fix rather than rolling back (I didn't actually intend the previous commit but got confused between Samab 3 & 4 branches)
(This used to be commit 990e7c3f8e)
2007-10-10 11:51:50 -05:00
Gerald Carter
c4013df0c1 r18560: * Add in the winreg and initshutdown IDL files
* rename PI_SHUTDOWN from include/smb.h to PI_INITSHUTDOWN
  for compatibility with pidl libndr output
(This used to be commit 23a8828613)
2007-10-10 11:51:50 -05:00
Jelmer Vernooij
71453ab90d r18526: Use generated server for unixinfo RPC interface.
(This used to be commit a5c0606d76)
2007-10-10 11:51:46 -05:00
Jelmer Vernooij
48e2a2bfb7 r18481: Use pidl-generated server side code for dfs.
(This used to be commit 3f337c104d)
2007-10-10 11:51:43 -05:00
Jelmer Vernooij
8be112a81b r18469: Use new pidl-generated DFS client code.
(This used to be commit e277fb067b)
2007-10-10 11:51:43 -05:00
Gerald Carter
5e1146ab58 r18404: * swap from POLICY_HND to the struct policy_handle from ndr/misc.h
* move OUR_HANDLE macro to include/rpc_misc.h
(This used to be commit 2b37079af2)
2007-10-10 11:51:22 -05:00
Gerald Carter
85e4a7a5b3 r18394: get the lsa client code to link
(This used to be commit 96e412a04c)
2007-10-10 11:51:21 -05:00
Volker Lendecke
6d9b02df71 r18369: I've got a sniff where NT4 sends just a single byte after the 516 byte
password blob, it seems that pw_len is just a uint8 instead of uint16.

This might also be interesting for Samba4's samr.idl.

Volker
(This used to be commit 68ded4ba07)
2007-10-10 11:51:20 -05:00
Gerald Carter
415aa96f09 r18275: add auto generated dfs code
(This used to be commit edb7a3607e)
2007-10-10 11:51:19 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Gerald Carter
5f8ef621b3 r18235: stub header to get past compile issues with pidl ndr output
(This used to be commit 1eaf62557f)
2007-10-10 11:51:17 -05:00
Gerald Carter
82ed086618 r18193: Not quite to autogenerated NDR but closer thanks to Jelmer's
initial work.  I'm including the librpc/gen_ndr directory
in svn temporarily just to get some compile issues straightened
out.
(This used to be commit cf271aa433)
2007-10-10 11:51:08 -05:00
Jelmer Vernooij
995205fc60 r18188: merge 3.0-libndr branch
(This used to be commit 1115745cae)
2007-10-10 11:43:56 -05:00
Volker Lendecke
b85e21d3f4 r18020: Fix SunX (with LDAP but without ADS)
(This used to be commit aa61a16c9f)
2007-10-10 11:39:49 -05:00
Volker Lendecke
ee0e397d6f r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.

Volker
(This used to be commit b2ff9680eb)
2007-10-10 11:39:49 -05:00
Derrell Lipman
315f416211 r18013: Fix for "bug" (enhancement) 3684.
Provide a new option to specify the share mode to be used when opening a
file.
(This used to be commit 9b6fee5f6f)
2007-10-10 11:39:48 -05:00
Derrell Lipman
5e44fc4cd4 r18009: Fixes bug 4026.
This completes the work Jeremy began last week, disambiguating the meaning of
c_time.  (In POSIX terminology, c_time means "status Change time", not "create
time".)  All uses of c_time, a_time and m_time have now been replaced with
change_time, access_time, and write_time, and when creation time is intended,
create_time is used.

Additionally, the capability of setting and retrieving the create time have
been added to the smbc_setxattr() and smbc_getxattr() functions.  An example
of setting all four times can be seen with the program

  examples/libsmbclient/testacl

with the following command line similar to:

  testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt'

The -f option turns on the new mode which uses full time names in the
attribute specification (e.g. ACCESS_TIME vs A_TIME).
(This used to be commit 8e119b64f1)
2007-10-10 11:39:47 -05:00
Jeremy Allison
0f1bc28744 r18006: Actually a smaller change than it looks. Leverage
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
(This used to be commit 77fe2a3d74)
2007-10-10 11:39:47 -05:00
Jeremy Allison
305ceade39 r17970: Add missing include-guards around ads.h and ads_cldap.h.
Remove all reference to "Default-First-Site-Name" and
treat it like any other site.
Jeremy.
(This used to be commit 5ae3564d68)
2007-10-10 11:39:44 -05:00
Jeremy Allison
2fcd113f55 r17945: Store the server and client sitenames in the ADS
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
(This used to be commit 9be4ecf24b)
2007-10-10 11:39:01 -05:00
Jeremy Allison
6fada7a82a r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d)
2007-10-10 11:39:01 -05:00
Jeremy Allison
2abab7ee6d r17928: Implement the basic store for CLDAP sitename
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e)
2007-10-10 11:38:59 -05:00
Stefan Metzmacher
9c8a9d0ac4 r17922: sync samba3's talloc with samba4's and move the samba3 specific stuff to tallocmsg.c
metze
(This used to be commit 7704e3e51d)
2007-10-10 11:38:59 -05:00
Jeremy Allison
16c8f09a1f r17861: Fix inconsistency found in checking for NULL in DLIST_REMOVE
macro. Don't check for NULL if we would have already derefed.
Jeremy.
(This used to be commit 1cb379315a)
2007-10-10 11:38:54 -05:00
Volker Lendecke
4bbb995e8d r17854: Steal the LDAP in NTSTATUS trick from Samba4
Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 91878f9b6f)
2007-10-10 11:38:54 -05:00
Jelmer Vernooij
8d5e7367b1 r17806: Make NTTIME a UINT64_S rather than a separate structure consisting of
two uint32s.
(This used to be commit 3556a9c26c)
2007-10-10 11:38:49 -05:00
Volker Lendecke
25a685b71a r17804: Fix a enum/int mixup found by the IRIX compiler.
Volker
(This used to be commit 3a1cf62376)
2007-10-10 11:38:49 -05:00
Jeremy Allison
a64925ddff r17800: Start using struct timespec internally for file times
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d2)
2007-10-10 11:38:48 -05:00
Gerald Carter
8cac7c1399 r17795: Finally track down the "ads_connect: Interrupted system call"
error.  Fix our DNS SRV lookup code to deal with multi-homed hosts.
We were noly remembering one IP address per host from the Additional
records section in the SRV response which could have been an unreachable
address.
(This used to be commit 899179d2b9)
2007-10-10 11:38:47 -05:00
Gerald Carter
975b159490 r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from AD DC
* Merge patches from SLES10 to make sure we talk to the correct
  winbindd process when performing pam_auth (and pull the password policy info).
(This used to be commit 43bd8c00ab)
2007-10-10 11:38:46 -05:00
Gerald Carter
c9f9c65050 r17669: Remove RID algorithm support from unmapped users and groups
when using smbpasswd
(This used to be commit dde552336c)
2007-10-10 11:38:45 -05:00
Volker Lendecke
f8825406fb r17625: Fix the build
(This used to be commit 76ef8af881)
2007-10-10 11:38:44 -05:00
Volker Lendecke
517efef9a1 r17622: Add a framework for a printing backend designed to support the build farm. If
we want to walk more printing code in the build farm I think doing that with a
customized printing backend is much easier than with a set of shell scripts.

Jerry, comments?

Volker
(This used to be commit 949cd6b992)
2007-10-10 11:38:44 -05:00
Jeremy Allison
ffa590854a r17612: Modify NTLMSSP session code so that it doesn't store
a copy of the plaintext password, only the NT and LM
hashes (all it needs). Fix smbencrypt to expose hash
verions of plaintext function. Andrew Bartlett, you
might want to look at this for gensec.
This should make it easier for winbindd to store
cached credentials without having to store plaintext
passwords in an NTLM-only environment (non krb5).
Jeremy.
(This used to be commit 629faa530f)
2007-10-10 11:38:43 -05:00
Volker Lendecke
986461b6be r17607: Adapt the Samba4 directory structure for tdb. Makes it easier to diff.
Let's see what it breaks. For me it works :-)

Volker
(This used to be commit 337be14b43)
2007-10-10 11:38:42 -05:00
Volker Lendecke
03e3cd1d5a r17554: Cleanup
(This used to be commit 761cbd52f0)
2007-10-10 11:38:38 -05:00
Jeremy Allison
6fd4813ece r17541: When returning a trans2 request, if the "max data
bytes returned" is less than the amount we want
to send, return what we can and set STATUS_BUFFER_OVERFLOW
(doserror ERRDOS,ERRbufferoverflow). Required by
OS/2 to handle EA's that are too large. It's hard
to test this in Samba4 smbtorture as the max data
bytes returned is hard coded at 0xffff (as it is
in the Samba3 client libraries also). I used a
custom version of Samba4 smbtorture to test this
out. Might add a "max data bytes" param to make
this testable in the build farm. Confirmed by
"Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com>
and Andreas Taegener <atsamba11@eideltown.de>
that this fixes the issue.
Jeremy.
(This used to be commit ff2f1202b7)
2007-10-10 11:38:38 -05:00
Volker Lendecke
e1e62d8999 r17463: A bit of cleanup work:
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.

Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.

Volker
(This used to be commit f9856f6490)
2007-10-10 11:38:36 -05:00
Volker Lendecke
21da07ba1f r17457: Add a test to do some operations on group mapping.
Volker
(This used to be commit 68db058fdf)
2007-10-10 11:38:35 -05:00
Günther Deschner
72c605b4fc r17454: Adding dfs_EnumEx for rpcclient (Samba4 IDL to follow).
Guenther
(This used to be commit 8c1198c159)
2007-10-10 11:38:35 -05:00
Günther Deschner
11673dc07a r17453: Fix msdfs RPC management (this broke with the autogenerated dfs rpcs).
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow).

* When encountering an unsupported infolevel the rpc server must reply
with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking
to nt4).

Guenther
(This used to be commit f9bef1f08f)
2007-10-10 11:38:34 -05:00
Volker Lendecke
ff7c0a7c35 r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an
argument.

Volker
(This used to be commit 873a5a1211)
2007-10-10 11:38:34 -05:00
Jeremy Allison
49001a5b1b r17346: Add optimisation vl needs for the cluster code where
we don't get the chainlock when getting the byte range
lock record read-only.
Jeremy.
(This used to be commit fcd798ca0c)
2007-10-10 11:38:27 -05:00
Volker Lendecke
e23781b3b3 r17316: More C++ warnings -- 456 left
(This used to be commit 1e4ee728df)
2007-10-10 11:38:25 -05:00
Jeremy Allison
2c6030415e r17314: Optimisation for POSIX locking. If we're downgrading
a POSIX lock (applying a read-lock) and we overlap
pending read locks then send them an unlock message,
we may have allowed them to proceed.
Jeremy.
(This used to be commit a7a0b6ba50)
2007-10-10 11:38:25 -05:00
Andrew Bartlett
fe348fdb28 r17216: From Kai Blin <kai.blin@gmail.com>:
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:

The commands are the following:

Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.

Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.

Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.

(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).

Andrew Bartlett
(This used to be commit bd3e06a0e4)
2007-10-10 11:38:19 -05:00
Volker Lendecke
e5b6fea73e r17191: Forgotten file, sorry!
(This used to be commit 32fbf66a4b)
2007-10-10 11:38:18 -05:00
Jim McDonough
ba72b0242e r17179: Merge the vl-posixacls tmp branch into mainline. It
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.

Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281)
2007-10-10 11:38:17 -05:00
Volker Lendecke
e0c68d0a1d r17177: Get rid of a global variable by adding a private data pointer to
share_mode_forall().

Volker
(This used to be commit f97f6cedff)
2007-10-10 11:38:17 -05:00
Gerald Carter
f3550d82a7 r17146: Starting to cleanout my local tree some
* add code to lookup NS records (in prep for later coe that
  does DNS updates as part of the net ads join)
(This used to be commit 36d4970646)
2007-10-10 11:38:15 -05:00
Jeremy Allison
38af904c31 r17107: Make the 200 ms timeout value tunable in local.h...
Might need to be a parameter ?
Jeremy.
(This used to be commit 98d8d9399b)
2007-10-10 11:38:12 -05:00
Jeremy Allison
e1da1fcf12 r17098: Samba3 now cleanly passes Samba4 RAW-LOCK torture
test. Phew - that was painful :-). But what it means
is that we now implement lock cancels and I can add
lock cancels into POSIX lock handling which will fix
the fast/slow system call issue with cifsfs !
Jeremy.
(This used to be commit f1a9cf075b)
2007-10-10 11:38:11 -05:00
Volker Lendecke
2203228c79 r17039: Eliminate snum from enumshares and getshareinfo. Get rid of some pstrings.
Volker
(This used to be commit c5e393d5ed)
2007-10-10 11:19:21 -05:00
Gerald Carter
060b155cd2 r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67)
2007-10-10 11:19:15 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Stefan Metzmacher
1f914279f9 r16717: patch from Bjoern Jacke to fix compiler warnings on AIX
metze
(This used to be commit a558abb40d)
2007-10-10 11:19:09 -05:00
Jeremy Allison
cc1457beb0 r16661: Fix from jason@ncac.gwu.edu for bug #3875,
bad cast warning.
Jeremy.
(This used to be commit d60e6e0abc)
2007-10-10 11:19:06 -05:00
Jeremy Allison
6c94466d7b r16628: Fix bug #3880, reported by jason@ncac.gwu.edu
by ensuring we return the correct enum for sid
type, not a uint32.
Jeremy.
(This used to be commit 98a5e20ff4)
2007-10-10 11:19:04 -05:00
Derrell Lipman
9718506d35 r16550: Fix bug 3866. Thanks for the report!
Although I've never met a computer or compiler that produced pointers to
functions which are a different size than pointers to data, I suppose they
probably exist.  Assigning a pointer to a function is technically illegal in C
anyway.

Change casts of the option_value based on the option_name to use of variable
argument lists.

For binary compatibility, I've maintained but deprecated the old behavior of
debug_stderr (which expected to be passed a NULL or non-NULL pointer) and
added a new option debug_to_stderr which properly expects a boolean (int)
parameter.

Derrell
(This used to be commit c1b4c51053)
2007-10-10 11:18:59 -05:00
Jeremy Allison
ad6f4f14ad r16548: Fix bug #3867 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 2b8d72f09c)
2007-10-10 11:18:59 -05:00
Volker Lendecke
1d21b9659b r16490: Fix a memleak and two typos
(This used to be commit 8cf364e602)
2007-10-10 11:18:57 -05:00
Jeremy Allison
54ea3c23e3 r16435: Add in the uid info that Jerry needs into the
share_mode struct. Allows us to know the unix
uid of the opener of the file/directory. Needed
for info level queries on open files.
Jeremy.
(This used to be commit d929323d6f)
2007-10-10 11:18:54 -05:00
Volker Lendecke
8ceeef3266 r16336: Fix Klocwork ID's 1087, 1095, 1096, 1098, 1099, 1101, 1102, 1105, 1107, 1109,
1111

Volker
(This used to be commit def075baf8)
2007-10-10 11:17:35 -05:00
Günther Deschner
9e7377e81f r16269: Fix the build.
Guenther
(This used to be commit 546710d58c)
2007-10-10 11:17:29 -05:00
Günther Deschner
38060f70a5 r16122: As we use 'inetOrgPerson' as structural objectclass for new accounts for
eDir, we already add 'sn' as required attribute on LDAP add
operations.

When we modify an entry, we need to request 'sn' as well in our
attribute lists, so that we don't try to add it a second time.

Guenther
(This used to be commit e018ea3d1d)
2007-10-10 11:17:21 -05:00
Volker Lendecke
c594a5519d r16060: This is one of the more dirty patches I've put in lately. Parse enough of
SetUserInfo level 25 to survive the join method XP uses if the user did not
exist before. For good taste this contains way too much cut&paste, but for a
real fix there is just not enough time.

Up to 3.0.22 we completely ignored that a full level 21 is being sent together
with level 25, but we got away with that because on creation we did not set
the "disabled" flag on the workstation account. Now we correctly follow W2k3
in this regard, and we end up with a disabled workstation after join.

Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr
parsing, but this is would probably be a bit too much for .23...

Thanks to Tom Bork for finding this one.

Volker
(This used to be commit 5a37aba105)
2007-10-10 11:17:18 -05:00
Jeremy Allison
7361c7a883 r15958: Make us pass RAW-OPLOCK with kernel oplocks off.
This allows a requestor to set FORCE_OPLOCK_BREAK_TO_NONE
to ensure we don't break to level 2. Fixed a couple
of resource leaks in error paths in open_file_ntcreatex.
Jeremy.
(This used to be commit c7c9adcce7)
2007-10-10 11:17:14 -05:00
Gerald Carter
4347799f26 r15864: build fixes for IRIX 6.4 in the build farm; only enable the C++ reserved word check when we selecte --enable-developer
(This used to be commit ece5fe3e78)
2007-10-10 11:17:11 -05:00
Gerald Carter
5b55886855 r15863: trying to fix a compile issue on HP-UX 11.x caused by conflicts of int16 and int32 definitions in internal and system headers
(This used to be commit 094443ed6c)
2007-10-10 11:17:11 -05:00
James Peach
90a6873b05 r15848: Introduce commandline options to set the remainder of the parameters in
dynconfig.c. This is mainly useful for test harness scripts, hence the
lack of short options.
(This used to be commit bf3b71c845)
2007-10-10 11:17:11 -05:00
Jeremy Allison
07c8c98cad r15838: Back-port tridge's talloc fixes (r15824, r15828) from Samba4.
Jeremy.
(This used to be commit f6c110ddb8)
2007-10-10 11:17:10 -05:00
Günther Deschner
c60e96c392 r15698: An attempt to make the winbind lookup_usergroups() call in security=ads
more scalable:

The most efficient way is to use the "tokenGroups" attribute which gives
the nested group membership. As this attribute can not always be
retrieved when binding with the machine account (the only garanteed way
to get the tokenGroups I could find is when the machine account is a
member of the "Pre Win2k Access" builtin group).

Our current fallback when "tokenGroups" failed is looking for all groups
where the userdn was in the "member" attribute. This behaves not very
well in very large AD domains.

The patch first tries the "memberOf" attribute on the user's dn in that
case and directly retrieves the group's sids by using the LDAP Extended
DN control from the user's object.

The way to pass down the control to the ldap search call is rather
painfull and probably will be rearranged later on.

Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2.

Guenther
(This used to be commit 7d766b5505)
2007-10-10 11:17:08 -05:00
Günther Deschner
39c45ce4f1 r15697: I take no comments as no objections :)
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.

This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).

Guenther
(This used to be commit 52423e01dc)
2007-10-10 11:17:08 -05:00
Jeremy Allison
cc9ea93456 r15668: DOS or FCB opens share one share mode entry from different
fsp pointers. Ensure we cope with this to pass Samba4
DENY tests (we used to pass these, there must have been
a regression with newer code). We now pass them.
Jeremy
(This used to be commit fd6fa1d4ea)
2007-10-10 11:17:06 -05:00
Günther Deschner
f81e4521bf r15649: Allow to store 24 password history entries in ldapsam (same limit as on
Windows). Fixes bug #1914.

Guenther
(This used to be commit b5a5d0b24e)
2007-10-10 11:17:05 -05:00
Paul Green
5255388e95 r15644: Now that we are referencing uint32_t and other data types
defined in <stdint.h>, ensure that it is present. (Not all
implementations pull it in when <sys/types.h> is used).

Paul
(This used to be commit dafe36ec4c)
2007-10-10 11:17:05 -05:00
Gerald Carter
2c029a8b96 r15543: New implementation of 'net ads join' to be more like Windows XP.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
(This used to be commit 4c4ea7b20f)
2007-10-10 11:16:57 -05:00
James Peach
a4638ab379 r15516: Use SMB_BIG_UINT in preference to unsigned long long.
(This used to be commit f06d94382f)
2007-10-10 11:16:55 -05:00
James Peach
826614ed16 r15508: Use clock_gettime for profiling timstamps if it is available. Use
the fastest clock available on uniprocessors.
(This used to be commit d448629282)
2007-10-10 11:16:55 -05:00
Volker Lendecke
dc9f30b8b0 r15475: Ugly and disgusting patch to fix the username map problem I created by
changing the token generation. I *hate* this code!

Jerry, you have been looking at this as well, can you double-check that I did
not screw it up?

Thanks,

Volker
(This used to be commit 2765c4ff8d)
2007-10-10 11:16:52 -05:00
Gerald Carter
af086da4ec r15462: replace the use of OpenLDAP's ldap_domain2hostlist() for
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3c)
2007-10-10 11:16:49 -05:00
James Peach
4d55a81958 r15450: Change profiling data macros to use stack variables rather than
globals. This catches mismatched start/end calls and removes
the need for special nested profiling calls.
(This used to be commit ee75049881)
2007-10-10 11:16:47 -05:00
Günther Deschner
b857785c0e r15443: Purely cosmetic reformat, no functional changes.
Guenther
(This used to be commit ef40428d93)
2007-10-10 11:16:45 -05:00
Günther Deschner
0fe21ac560 r15442: Add some more client rpc for the querydominfo calls (from samba4 idl).
Also return the hostname for the level 6 call (to be consistent with the
server name in level 2).

Guenther
(This used to be commit 41b72e77ae)
2007-10-10 11:16:44 -05:00
Günther Deschner
46c35b17a3 r15441: cleanup older unused padding.
Guenther
(This used to be commit 6e225e0528)
2007-10-10 11:16:44 -05:00
Günther Deschner
52e778e6f8 r15438: Fix samrQueryDomainInfo level 5 where we returned our netbios
name eversince instead of the domain name when we are a DC.

Yes, there are applications relying on this call to be correct.

Guenther
(This used to be commit 26dd22c9af)
2007-10-10 11:16:43 -05:00
Günther Deschner
a0ff50efa7 r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.
Guenther
(This used to be commit 9e15b1659c)
2007-10-10 11:16:43 -05:00
Jeremy Allison
6eb1187765 r15402: Fix for bug #3587. Dead entries can be left in the locking
db. Make this db self-cleaning on first read of entry after
open, and also on smbstatus -b call. Needs more testing when
I get back from Boston but passes valgrind at first look.
Jeremy.
(This used to be commit c665310963)
2007-10-10 11:16:40 -05:00
Günther Deschner
7588769316 r15251: Adding PreWin2kAccess builtin sid.
Guenther
(This used to be commit 4330d1b74c)
2007-10-10 11:16:30 -05:00
Günther Deschner
6f5effa730 r15243: Sorry for the breakage:
* Fix the build without kerberos headers
* Fix memleak in the krb5_address handling

Guenther
(This used to be commit 10e4211755)
2007-10-10 11:16:30 -05:00
Günther Deschner
351e749246 r15240: Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect.

The krb5 AS-REQ needs to add the host netbios-name in the address-list.

We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.

Guenther
(This used to be commit 8b2ba11508)
2007-10-10 11:16:29 -05:00
Jeremy Allison
ba52fd71dc r15216: Fix the build for machines without krb5. Oops, sorry.
Jeremy.
(This used to be commit bea87e2df4)
2007-10-10 11:16:29 -05:00
Jeremy Allison
7b75d2c650 r15162: Patch for bug #3668. Windows has a bug with LARGE_READX
where if you ask for exactly 64k bytes it returns 0.
Jeremy.
(This used to be commit dcef65acb5)
2007-10-10 11:16:27 -05:00
Jeremy Allison
0498f3b889 r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55)
2007-10-10 11:16:25 -05:00
Jeremy Allison
010c725b36 r15088: Remove all time() and gettimeofday() calls out of the mainline
packet processing code. Only do these when needed (ie. in the
idle timeout code). We drop an unneccessary global here too.
Jeremy.
(This used to be commit 8272a5ab06)
2007-10-10 11:16:22 -05:00
Gerald Carter
9de61b560a r15072: Last bit of 32/64 bit portabilities fixes for winbind
clients and aservers.  Strange compiler-fu on 64-bit
SLES9 says sizeof(time_t) == 4 but the memory alignment
is on 8 bytes.  Change time_t to uint32 to fix alignment.
Remove 'char **gr_mem' from struct winbindd_gr since
it was not being used.
(This used to be commit b68e66d5c4)
2007-10-10 11:16:01 -05:00
Jeremy Allison
fdd55885da r15060: The brlock code gets called a lot. Ensure we keep the
key around while we're using it - saves many calls to
locking_key() (now deleted).
Jeremy.
(This used to be commit 2f8b527dcf)
2007-10-10 11:16:00 -05:00
Gerald Carter
8c9eb7631e r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit winbindd server
(This used to be commit a95d11345e)
2007-10-10 11:16:00 -05:00
James Peach
7a5ff0885d r15047: Add support for using libunwind to generate a backtrace. This is
primarily intended for ia64 systems where libunwind knows more about
the different ways of walking the stack that just about anything else.
(This used to be commit 256a19d722)
2007-10-10 11:16:00 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f)
2007-10-10 11:15:59 -05:00
Jeremy Allison
eecdc6c956 r15022: Fix core dumps on normal server exit.
Jeremy.
(This used to be commit 13c3abf031)
2007-10-10 11:15:57 -05:00
Jeremy Allison
22dbd67708 r15018: Merge Volker's ipc/trans2/nttrans changes over
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
2007-10-10 11:15:57 -05:00
James Peach
4fa5559800 r14898: This change is an attempt to improve the quality of the information that
is produced when a process exits abnormally.

First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.

Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.

Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d644)
2007-10-10 11:15:53 -05:00
Jeremy Allison
ecc0c18889 r14847: Tell static checkers that exit_server() doesn't
return.
Jeremy.
(This used to be commit 9c5e26a56a)
2007-10-10 11:15:50 -05:00
Jeremy Allison
81d4f40bbe r14763: Add a new tuning parameter, open files database hash size,
this allows us to experiment with ensuring the tdb hash
size for our open files and locking db are appropriately
sized. Make the hash size larger by default (10007 instead
of 1049) and make the locking db hash size the same as the
open file db hash size.
Jeremy.
(This used to be commit e7225f7e81)
2007-10-10 11:15:46 -05:00
Jeremy Allison
80afbe5cf5 r14751: Use the noreturn attribute to try and tell coverity that
smb_panic can't return.
Jeremy.
(This used to be commit ba9c98983e)
2007-10-10 11:15:45 -05:00
James Peach
40d0707827 r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-based
HSM is interested in. Tested on both IRIX and SLES9.
(This used to be commit 514a767c57)
2007-10-10 11:15:42 -05:00
Derrell Lipman
e836508704 r14664: r13868@cabra: derrell | 2006-03-22 17:04:30 -0500
Implement enhancement request 3505.  Two additional features are added here.
 There is now a method of saving an opaque user data handle in the smbc_
 context, and there is now a way to request that the context be passed to the
 authentication function.  See examples/libsmbclient/testbrowse.c for an example
 of using these features.
(This used to be commit 203b4911c1)
2007-10-10 11:15:42 -05:00
Günther Deschner
20204ab040 r14646: Adding samr querygroup infolevels 2 & 5.
Guenther
(This used to be commit 6c4fe819c6)
2007-10-10 11:15:42 -05:00
Gerald Carter
1839b4be14 r14634: Many bug fixes thanks to train rides and overnight stays in airports
* Finally fix parsing idmap uid/gid ranges not to break with spaces
  surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
  _samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
  and Users BUILTIN groups automatically from smbd (and not just check the
  winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
  grant is not already assigned in our own SAM (retries up to 250 times).
  This fixes passdb with existing SIDs assigned to users from the RID algorithm
  but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
2007-10-10 11:15:41 -05:00
James Peach
97ee5b1afa r14600: Refactor capability interface from being IRIX-specific to using only
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
(This used to be commit 763f4c0148)
2007-10-10 11:15:39 -05:00
Günther Deschner
1d5ab8fd05 r14597: Merge DCERPC_FAULT constants from Samba 4.
Guenther
(This used to be commit 3f195f8248)
2007-10-10 11:15:38 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476a)
2007-10-10 11:15:28 -05:00
Günther Deschner
81e4340fd4 r14368: Remove redundant set of logon flags (now in rpc_netlogon.h).
Guenther
(This used to be commit 8d4290cb8e)
2007-10-10 11:15:27 -05:00
Jeremy Allison
d1684fa82e r14353: Fix coverity bugs #61 and #62. Remember to divide by
the size of the data table. Clean up the struct a little.
Jeremy.
(This used to be commit 338538410d)
2007-10-10 11:15:26 -05:00
James Peach
d245d5c017 r14255: Revert r14204 which was horribly broken.
(This used to be commit 950ed28f9f)
2007-10-10 11:15:21 -05:00
James Peach
a62c0925e8 r14207: Convert the lp_acl_compatibility() param into an enum.
(This used to be commit 5429c495c5)
2007-10-10 11:15:16 -05:00
James Peach
a156d128f2 r14204: Remove the basically unused P_GSTRING and P_UGSTRING
parameter types.
(This used to be commit 23328fe6fc)
2007-10-10 11:15:16 -05:00
Günther Deschner
e11a85eebd r14074: Some cleanup; there is no point in declaring and mapping
KRB5KRB_ERR_RESPONSE_TOO_BIG when the krb5 library does not know about
this.

Guenther
(This used to be commit 4a1a3c4808)
2007-10-10 11:11:09 -05:00
Günther Deschner
763a2d7d8e r14051: Add remaining (documented) userAccountControl bits, thanks to Luke
Howard for pointing this out.

Guenther
(This used to be commit 170038f4cd)
2007-10-10 11:11:08 -05:00
Günther Deschner
ca3df1d3f9 r14050: Add the ACB_PWEXPIRED bit abartlet has found.
Guenther
(This used to be commit 5fa3f26b4c)
2007-10-10 11:11:08 -05:00
Günther Deschner
06d6325da1 r14049: Found some more MSV1_0 bits and their behaviour;
just for documentation purpose.

Guenther
(This used to be commit 0b00424e07)
2007-10-10 11:11:08 -05:00
Jeremy Allison
71272fc441 r13975: Re-fix Coverity #156 - I had left the hidden arg. inconsistent
between Realloc and realloc_array.
Jeremy.
(This used to be commit 841c9b1847)
2007-10-10 11:11:02 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Gerald Carter
129fd6c5c6 r13878: move PORT_DATA_1 to use static sized UNICODE strings as per MSDN
(This used to be commit c803e1b2af)
2007-10-10 11:10:57 -05:00
Gerald Carter
5df58c38f3 r13829: From the "It's not pretty but it works" category
* Finish prototype of the "add port command" implementation
  Format is "addportcommand portname deviceURI"

* DeviceURI is either
  - socket://hostname:port/
  - lpr://hostname/queue
  depending on what the client sent in the request
(This used to be commit 6d74de7a67)
2007-10-10 11:10:56 -05:00
Gerald Carter
889ff32b5e r13824: * add api table for Xcv TCPMON and LOCALMON calls starting
with the "MonitorUI" call
* Fix some parsing errors

This gets us to the Add Port Wizard dialog.
(This used to be commit a444aa7f00)
2007-10-10 11:10:56 -05:00
Gerald Carter
354c24d525 r13820: * Start fleshing out the XcvDataPort() server implementation
* Add support for the "Local Port" monitor as well through this API
(This used to be commit ba9cdd88a0)
2007-10-10 11:10:55 -05:00
Gerald Carter
e33b728c7b r13815: "Into the blind world let us now descend,"
Began the poet, his face as pale as death.
"I will go first, and you will follow me."
---

Adding XcvDataPort() to the spoolss code for remotely
add ports.  The design is to allow an intuitive means
of creating a new CUPS print queue from the Windows 2000/XP
APW without hacks like specifying the deviceURI in the
location field of the printer properties dialog.

Also set 'default devmode = yes' as the new default
since it causes no harm and only is executed when you
have a NULL devmode anyways.
(This used to be commit 123e478ce5)
2007-10-10 11:10:55 -05:00
Jeremy Allison
a7552e677e r13802: I *knew* ASU on sparc had to be good for *something* ! :-).
Fix incorrect size understanding of sid name type (yes it's
already correct in the Samba4 IDL :-).
Jeremy.
(This used to be commit 305a774d28)
2007-10-10 11:10:54 -05:00
James Peach
554155473b r13733: Reorder so that locking and params declarations are not mingled.
(This used to be commit cde31d5957)
2007-10-10 11:10:51 -05:00
Günther Deschner
e54786b535 r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
  returning zero)

Guenther
(This used to be commit 5b89e8bc24)
2007-10-10 11:10:25 -05:00
Volker Lendecke
9fffb6ab5b r13693: More Solaris/LDAP fixes from Bjoern <bjoern@j3e.de>
(This used to be commit 7c098ca0ae)
2007-10-10 11:10:24 -05:00
Volker Lendecke
5257615367 r13690: Check in Björn's LDAP Solaris fix.
(This used to be commit d6c6363517)
2007-10-10 11:10:23 -05:00
Gerald Carter
d95e13e68f r13679: Commiting the rm_primary_group.patch posted on samba-technical
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
  primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
  talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
  BOOL to callers.  Wrappers are samu_set_unix() and samu-allic_rid_unix()
(This used to be commit bcf269e2ec)
2007-10-10 11:10:23 -05:00
Günther Deschner
379bd6865f r13657: Let winbindd try to obtain the gecos field from the msSFU30Gecos
attribute when "winbind nss info = sfu" is set. Fixes #3539.

Guenther
(This used to be commit ffce0461de)
2007-10-10 11:10:21 -05:00
Günther Deschner
2a0ad559ad r13625: Now that Heimdal 0.7.2 is released, we reenable our strict checking for
c++ reserved names.

Guenther
(This used to be commit e0b50d0087)
2007-10-10 11:10:20 -05:00
Gerald Carter
6622ba566e r13601: * Remove unused code from pdb_ldap.c
* Add a 'struct passwd *' to the struct samu for later reference
  (I know this may be controversial but its easily reverted which is
  is why I'm checking this is as a seaparate patch before I get
  too deep).
* Remove unix_homedir from struct samu {} and update the pdb wrapper
  functions associated with it.
(This used to be commit 92c251fdf0)
2007-10-10 11:10:18 -05:00
Lars Müller
8176d4c9fe r13598: Defining KRB5KRB_ERR_RESPONSE_TOO_BIG if not defined which is the case
for older krb5 implementations.

Patch slightly modified from the version provided by Björn Jacke <bjoern
at j3e dot de> at the samba-technical list after discussion on the list
and by IRC.  Thanks Björn!
(This used to be commit 49e6431c06)
2007-10-10 11:10:18 -05:00
Jeremy Allison
a57f37420b r13588: Second attempt to fix Bug #3330 - treat the string as a
uint8 array and copy as such. Gunther please check (sorry
I reverted your earlier fix).
Jeremy.
(This used to be commit 7a17b39c80)
2007-10-10 11:10:16 -05:00
Jeremy Allison
115996503c r13585: Sorry Gunther, had to revert this. It's got a buffer
overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.
(This used to be commit 33e13aabd3)
2007-10-10 11:10:16 -05:00
Günther Deschner
4ea92f3098 r13581: Correctly parse a non-null terminated, little-endian UCS2 string in the
PAC_LOGON_NAME structure. This was broken on big-endian machines
(Solaris SPARC and ppc). Fixes Bug #3330.

Jerry, this should be in 3.0.21c.

Guenther
(This used to be commit 9732490811)
2007-10-10 11:10:16 -05:00
Gerald Carter
2203bed32c r13576: This is the beginnings of moving the SAM_ACCOUNT data structure
to make full use of the new talloc() interface.  Discussed with Volker
and Jeremy.

* remove the internal mem_ctx and simply use the talloc()
  structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
  upcoming changes.  Groups will most likely be replaced with a
  'struct samg' in the future.

Note that there are now passbd API changes.  And for the most
part, the wrapper functions remain the same.

While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs.  The code also needs more testing under valgrind to
ensure it's not leaking memory.

But it's a start......
(This used to be commit 19b7593972)
2007-10-10 11:10:15 -05:00
Günther Deschner
2cf38b62c5 r13566: Fix EA support for AIX.
Patch from Bjoern Jacke <bjacke-at-sernet-dot-de>.

Guenther
(This used to be commit 69fb189a6b)
2007-10-10 11:10:14 -05:00
Jeremy Allison
9132acff08 r13553: Fix all our warnings at -O6 on an x86_64 box.
Jeremy.
(This used to be commit ea82958349)
2007-10-10 11:10:13 -05:00
Günther Deschner
6a6f2463f6 r13522: Add SAMR_GET_USRDOM_PWINFO client-side.
Guenther
(This used to be commit 290a581b75)
2007-10-10 11:10:09 -05:00
Gerald Carter
04af2ab06e r13509: remove unnecessary sql flags
(This used to be commit c3702e804a)
2007-10-10 11:10:08 -05:00
Volker Lendecke
301d51e13a r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de)
2007-10-10 11:10:06 -05:00
James Peach
8fbdd112b2 r13482: Push the FAM notification file descriptor into the select
set to avoid unnecessary polling.
(This used to be commit 1dce945ccb)
2007-10-10 11:10:05 -05:00
Gerald Carter
75ef18fa75 r13460: by popular demand....
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
  like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
  previous 2 changes
(This used to be commit 7a2da5f0cc)
2007-10-10 11:10:04 -05:00
Jeremy Allison
85160e654e r13458: Add parsing functions - but stub internals for lookupnames3 and 4.
Jeremy.
(This used to be commit f1a362580a)
2007-10-10 11:10:04 -05:00
Jeremy Allison
785c78b795 r13456: Add lsa_lookup_names2.
Jeremy.
(This used to be commit b57406c89f)
2007-10-10 11:10:04 -05:00
Jeremy Allison
e22d38bdde r13455: Prepare to add lookupnames2.
Jeremy.
(This used to be commit 2274709587)
2007-10-10 11:10:04 -05:00
Jeremy Allison
acc4a837aa r13449: Ensure we don't crash if no dc struct on pipe.
Jeremy.
(This used to be commit a9e1d0f3b4)
2007-10-10 11:10:04 -05:00
Jeremy Allison
06cf1e18e5 r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.
Jeremy.
(This used to be commit a164cfab42)
2007-10-10 11:10:03 -05:00
Günther Deschner
72b30eba64 r13444: Add REJECT_REASON_OTHER for samr_chgpasswd_user3
Guenther
(This used to be commit 58baf718be)
2007-10-10 11:10:03 -05:00
Günther Deschner
e83c7d0141 r13442: Implement samr_chgpasswd_user3 server-side.
Guenther
(This used to be commit f60eddc0a4)
2007-10-10 11:10:03 -05:00