summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2003-11-26Merge from 3.0:Andrew Bartlett4-13/+15
- NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett (This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
2003-11-25Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison2-0/+45
if the file has an ACL. Jeremy. (This used to be commit a51d9e947ef012fabf5a13250df6232d23722f68)
2003-11-25allow users to delete jobs with cups printing backendGerald Carter2-1/+7
The changes the name of the job passed off to cups from "Test Page" to "smbprn.00000033 Test Page" so that we can get the smb jobid back from lpq. Working on bug 770. (This used to be commit 3a84daf24f80cf44605841c844a0ba516354420b)
2003-11-25If signing starts successfully, don't just turn it off automatically ifJeremy Allison1-5/+5
it fails later. Only turn it off automatically if it fails at the start. Jeremy. (This used to be commit 2a00d538da61253455db1734b74ef1debaea24ea)
2003-11-25Patch for #263 from jpjanosi@us.ibm.com.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 6543bca0cbf6030d2400e30bb7491237d9c818f8)
2003-11-25When server signing is set to "auto", if the client doesn't sign justJeremy Allison1-2/+23
ignore it. Only fail if signing is set to "required". Jeremy. (This used to be commit ab5db8873e2882900baa1c74706bb907baaff7fd)
2003-11-24strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in ↵Gerald Carter1-2/+2
check_bind_response() (This used to be commit 84f0e97e5882375b765b818e89a6d96736cd5932)
2003-11-24Added "passwd chat timeout" parameter. Docs to follow.Jeremy Allison2-3/+10
Jeremy. (This used to be commit 4d49fb806db6868f97069a603a28a85dc31cfe21)
2003-11-24patch from Matthias Hilbig for bug 467; use the dns name (or IP) as the ↵Gerald Carter1-2/+7
originating client name when using CUPS (This used to be commit eae48cda0f7f1346cd66d5a581c1273880f214d4)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter6-14/+52
(This used to be commit c4ce92e80688fe7fd4b2fde2c31e94baf3e4dca0)
2003-11-23(Merge from 3.0)Andrew Bartlett2-2/+15
Patch by emil@disksites.com <Emil Rasamat> to ensure we always always free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 58c4963a8389dff4d925548217fabed1c9932abd)
2003-11-23Merge from 3.0:Andrew Bartlett6-31/+68
Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett (This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
2003-11-22(merge from 3.0)Andrew Bartlett35-597/+1157
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-22debug and swat fixes from 3.0Gerald Carter2-1/+3
(This used to be commit 52c1973f39f4c4161097843fcf395e0102531575)
2003-11-22fix winbind ping call so that SWAT correctly determines if winbindd is ↵Gerald Carter1-5/+1
running; bug 398 (This used to be commit cb12d519cc40b964d022886538044e8613931199)
2003-11-22Ensure that items in a list of strings containing whitespaceGerald Carter3-6/+18
are written out surrounded by single quotes. This means that both double and single quotes are now used to surround strings in smb.conf. This is a slight change from the previous behavior but needed or else things like printer admin = +ntadmin, 'VALE\Domain, Admin' get written to smb.conf by SWAT. (This used to be commit 59e9d6e301c752e99fb6a50204d7941f7f84566a)
2003-11-21Fix for rename across filesystems. Noticed by Rainer Link ↵Jeremy Allison1-5/+95
<link@foo.fh-furtwangen.de>. Jeremy. (This used to be commit f68c2ff0f3307612ddbe62b8cc2ea12251d54ec6)
2003-11-21Fix Jerry's no-proto bug :-).Jeremy Allison1-4/+4
Jeremy. (This used to be commit 2b39e3f12a12f0863bf76d996c0d0db422d593bc)
2003-11-21make sure we don't append the ldap suffix when writing out the ldap XXX ↵Gerald Carter1-53/+46
suffix values in SWAT; based on tpot's original patch; bug 328 (This used to be commit b1d5173b16c40d55cfb6265f1d1947ec78952b6f)
2003-11-20Typo fix.Rafal Szczesniak1-2/+2
(This used to be commit d1394f02cb0e369701217ce6610f4efe54438c3a)
2003-11-19Added useful information to debug lines.Rafal Szczesniak1-4/+4
Patch by metze. rafal (This used to be commit 91e1be66b1a3aa002f68d8f1c2fc148c1374d365)
2003-11-19Look at error before using it in debug statement.Jeremy Allison1-3/+2
Jeremy. (This used to be commit 42114b75f2c082522f7806a1af11409609785b06)
2003-11-19Group quotas patch from "Heinreichsberger, Helmut" ↵Jeremy Allison1-19/+32
<Helmut.Heinreichsberger@wincor-nixdorf.com> Jeremy. (This used to be commit 0984b35fbfd0c9579d2a8a6fa748ade604ad6a82)
2003-11-19Correct fix for '$' termination test.Jeremy Allison1-2/+1
Jeremy. (This used to be commit b93e44e01edb432e11b9ad6aeb4d4eea0f7fa433)
2003-11-18Fix to correct checking of '$' name termination.Rafal Szczesniak1-1/+1
Patch by metze. rafal (This used to be commit 7191186fc64eb0b8092a2f6f1e89b6b6a6df7627)
2003-11-18Useful debug message. Patch by metze.Rafal Szczesniak1-3/+5
rafal (This used to be commit 5f02adbd261b7fde22b72703135dec44b7652ef1)
2003-11-18Remove unneeded second open for filename ending in '.' now we know it'sJeremy Allison2-14/+4
a mangled name. Added const. Fix inspired by Andrew Bartlett ideas. Jeremy. (This used to be commit 8de1d4ebf72928c958d4c5be887f2babe13d3c87)
2003-11-18Ensure we mangle names ending in '.' in hash2 mangling method.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9b50fd8cfc36c817177103b07e7b8a3952e641c7)
2003-11-17Fix from Andrew Bartlett to fix up the munged-dial problem.Jeremy Allison2-6/+16
Jeremy. (This used to be commit 5df3d16c9226bf884226e8302b996a484017f8c3)
2003-11-17From 3_0:Volker Lendecke1-1/+2
This fixes a bug when establishing trust against a german W2k3 AD server. In the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at all, so making it a bit more liberal should hopefully not really hurt. Volker (This used to be commit dbd17dd0366d6cd20a2d5d8247dd5842563da2ca)
2003-11-17* make sure we only enumerate group mapping entriesGerald Carter3-152/+44
(not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0 (This used to be commit 3b75e862dfba42c95e2279c300c06bb981f52993)
2003-11-17updates from BuchanGerald Carter2-108/+134
(This used to be commit f7e4ea27a330b84bc67c71c10a5c1fb009572fb2)
2003-11-16do not build config_ldap by defaultSimo Sorce1-1/+1
(forget to remove the module from the default list after testing :-) (This used to be commit aae13b2e63dd3aeafe7dcb48a484da9d51a0a589)
2003-11-15add also the schema attributes and object classes need by config_ldapSimo Sorce1-0/+48
Jerry, if you have any problems with these schema additions, let me know, so that we can arrange the right solution (This used to be commit e17af6d6cf9244b1204f13b7d5be76b4595d5b95)
2003-11-15Split smbldap in a core file and a utility fileSimo Sorce9-179/+720
Add module support for configuration loading Add a first implementation of config_ldap module to put samba configuration on ldap It worked on my test machine, please try it out and send bugfixes :-) have fun, Simo. INSTRUCTIONS: Just add something like this to your smb.conf file: config backend = config_ldap:ldap://localhost config_ldap:basedn = dc=samba,dc=org the config tree must follow this scheme: ou=foo, dc=samba, dc=org <- global section |- sambaOptionName=log level, ou=foo, ... <- options |- ... |- sambaShareName=testlc, ou=foo, ... == [testlc] |- sambaOptionName=path, sambaShareName=testlc, ou=foo, ... <- option here is a sample ldif: # foo, samba, org dn: ou=foo, dc=samba, dc=org objectClass: organizationalUnit objectClass: sambaConfig ou: foo description: Test Foo # log level, foo, samba, org dn: sambaOptionName=log level, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: log level sambaIntegerOption: 10 description: log level 10 is suitable for good debugging # testlc, foo, samba, org dn: sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaShare sambaShareName: testlc description: share to test ldap config module actually works # path, testlc, foo, samba, org dn: sambaOptionName=path, sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: path sambaStringOption: /tmp description: Path for share testlc # read only, testlc, foo, samba, org dn: sambaOptionName=read only, sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: read only sambaBoolOption: TRUE description: Share testlc is read only # guest ok, testlc, foo, samba, org dn: sambaOptionName=guest ok, sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: guest ok sambaBoolOption: TRUE description: Guest users are allowed to connect to testlc share (This used to be commit 207968eafc2c2a185e50e2132702d7bab2142aba)
2003-11-14fix more memory leaks in the LDAP backend code; patches from metzeGerald Carter3-27/+52
(This used to be commit 89a8c607af4ca67fcefe285480f7c9b832f6720c)
2003-11-13Update Makefile ...Richard Sharpe1-2/+9
(This used to be commit b92fd87b2461dff0e05ad4a7b0a475539c21d4c0)
2003-11-13Add this to samba-head.Richard Sharpe1-0/+280
(This used to be commit d761175f131f80ae24549adca6ffc629f84a9803)
2003-11-13* Fix from SATOH Fumiyasu for bug 660 (failing to view printGerald Carter2-7/+9
jobs) by only enforce the 'max reported print jobs' parameter when it is non-zero. * Fixed bug 338 by making sure that data values are written out when we are marshalling an EnumPrinterDataEx() reply. This probably fixes other bugs reported against point-n-print feature in 3.0.0 (This used to be commit d7026f6d178f6ed531bbf7d681d4efde0828616c)
2003-11-13Keep configure.in in sync with SAMBA-3.0.0Richard Sharpe2-20/+25
(This used to be commit 664cc4f46cf1be08c704a9d163ee33c8629ad065)
2003-11-12show locked files for -u <user>; bug 590Gerald Carter1-10/+41
(This used to be commit 3290582cb0542d1e2a7e1e5213614fca8788b070)
2003-11-12> Omit html documentation tree because it has been moved to the separateRafal Szczesniak1-6/+9
> module. Install though, in case one recreates the tree as it was before. > > > rafal Same as in SAMBA_3_0 source tree. rafal (This used to be commit af972c76158069efe3817a4e6dce4826d883edf1)
2003-11-11fix crash bug due to empyrt munged dial string; patch from metzeGerald Carter1-1/+1
(This used to be commit aef7f54355a71e36963ed7427e9c2f05d26cc222)
2003-11-10Patch from Andrew Bartlett <abartlet@samba.org> for security=server coreJeremy Allison1-6/+8
dump if server goes away. Jeremy. (This used to be commit a646cb60a24498451d379967a1da272fcd40875f)
2003-11-09From 3_0:Volker Lendecke1-0/+1
Skip over the winbind separator when looking up a user. Volker (This used to be commit efe36a44d3d35f2bbb3381916dfdfda80560b67c)
2003-11-09Merge from 3.0:Andrew Bartlett3-20/+1
source/passdb/pdb_get_set.c: I agree with vl's #if 0 here, and am not quite sure what I was thinking with regard to the original code. Let's keep samba simple, and just remove it. source/rpc_server/srv_netlog_nt.c: Remove compleatly wrong comments. (There were correct, 2 years ago...) source/intl/lang_tdb.c: Add newline to debug message Andrew Bartlett (This used to be commit 2a8dbe03690b60f3d9c83de3cf6ce873aa0657bc)
2003-11-07* only install swat html files onceGerald Carter3-17/+34
* revert the change that prevent the guest account from being added to a passdb backend since it broke the build farm. * apply patch from Alex Deiter to fix the "smbldap_open: cannot access when not root error" messages when looking up group information (bug 281) (This used to be commit 20bd309239199d85accb2b7aac6d4dd73e414f85)
2003-11-07Handle munged dial string. Patch from Aur?lien Degr?mont <adegremont@idealx.com>Jeremy Allison4-16/+121
with memory leak fixes by me. Jeremy. (This used to be commit daceed37387c517b3f0ab9c173f419215e3d676b)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter3-385/+361
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit cac4723e206bd001882011c9e12327064d032268)
2003-11-07don't allow setting of the guest accountGerald Carter1-0/+8
(This used to be commit 1e461f06ec492dc3f139165932c3518a6dd416f9)