summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2002-08-05Spelling fix.Tim Potter1-1/+1
(This used to be commit 28ba237a9e02e284fb541562270db758612e425a)
2002-08-05fixed wbinfo -t for netbiosless domainsAndrew Tridgell1-1/+7
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
2002-08-05I must have missed this when I was adding 'const' to these earlier...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit ce6c8a647ca56dcbb60ff898d77c2df297c1fe79)
2002-08-05Try to make this easier to debug - display the username that failed.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8405bccd4e7a5315e58890ffa5d481031636f88a)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell24-362/+629
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-04passwords where not checked (you cannot check if the same buffer differs ↵Simo Sorce1-6/+18
from itself). they where alo not clean after use! Simo. (This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
2002-08-04commented out strupper before key check against internal db, it's no goodSimo Sorce1-1/+1
to check for uppercased strings when we store them not uppercased. jerry, this fix is needed to make usrmgr.exe work again. meanwhile we found out that NT_STATUS code may not be appropriate there. In particular it seem that an NT PDC will send back 02 as error (ERRbadfile) not 0xc000000f (NT_STATUS_NO_SUCH_FILE NT) I think further investigation is need to understand which are aprropriate return codes here. (This used to be commit 2ad0e81c8da62b7e15ab3e414b5e15a94fe5de87)
2002-08-04Now that I got the function arguments sane, remove the silly (void **) castsAndrew Bartlett1-9/+9
from some of the callers. Andrew Bartlett (This used to be commit eb3354aa6c7293df9a728565a6774049b2e6d57f)
2002-08-03fixed a bug where we were truncating the returned names in a netbiosAndrew Tridgell1-1/+1
name status query to 14 bytes, so we could not join a DC who had a netbios name of 15 bytes in length. (This used to be commit a7588f21c24dac833f098c48e2337c100cf75ba4)
2002-08-03updates the log level parameter man sectionSimo Sorce1-3/+6
can someone regenerate and commit the other formats? thanks (This used to be commit cfc03b9257feeec1ae4b4cbf19d5ddcdabade133)
2002-08-03fix log level, set a default, and also copy the value set in smb.conf into ↵Simo Sorce2-10/+13
parm_struct.ptr this one also fixes log level not shown in swat fix swat help system (This used to be commit 7532e828966f3baaa418b528a5b7fe450c488401)
2002-08-02Fix length on mailslots. Looks like it should have been 0x17, not decimal 17.Jim McDonough1-1/+1
(This used to be commit 8e906a948196be7d630a9b20f3c3d2cbafd545f1)
2002-08-02Escape ampersand(&) to better comply to SGML syntaxJelmer Vernooij1-1/+1
(This used to be commit d234f04a5f3ecd4debf66ce80e76f6b9aedaed6c)
2002-08-02Moved rpc client routines from libsmb back to rpc_client where they belong.Tim Potter16-7671/+3635
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
2002-08-02Added connect, session_request, session_setup and tconx methods.Tim Potter1-21/+138
(This used to be commit 76eacaa28546d65b9ddb7ff356f0bd2aaf2f86d8)
2002-08-02Broke out unpacking of a username/password stored in a PythonTim Potter2-28/+74
dictionary into a separate function. (This used to be commit 10889241d5f5813f499501a45edccc4acd3e9f74)
2002-08-02Merge of print notify fixes from APPLIANCE_HEAD.Tim Potter3-6/+27
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
2002-08-01Fixed compiler warning.Tim Potter1-1/+1
(This used to be commit 81322f4d63095d828be7983eb4b47775abe8d33f)
2002-08-01make sure we null terminate plaintext passwordsAndrew Tridgell1-1/+1
(This used to be commit cf2abf677ed9942d841ef61ffb2565244c8979ac)
2002-07-31merge from SAMBA_2_2Gerald Carter1-0/+154
(This used to be commit 72d36c9b2596cda6c3c25c18ddb4c58d55519ff8)
2002-07-31forgot to change the makefile system, sorrySimo Sorce2-12/+10
(This used to be commit 3e6a11f56a3878e75c4354db214971208d911be3)
2002-07-31Add the current working document on the interface to the tree that we haveAndrew Bartlett1-0/+123
*somthing* in the directory. (Stops cvs update -P eating it). This is the combined effort of many from #samba-technical, kai, metze, ctrlsoft, idra and abartlet in particular. It will no doubt change :-) Andrew Bartlett (This used to be commit 40fc43296def1f5ac3c23aba8b283a91f1d10239)
2002-07-31Let everybody enjoy my new toy - make it the default!Andrew Bartlett1-2/+2
Authenticaions will now attempt to use winbind, and only fall back to 'ntdomain' (the old security=domain) code if that fails (for any reason, including wrong password). I'll fix up the authenticaion code to better handle the different types of failures in the near future. Andrew Bartlett (This used to be commit 78f0d4337bd263d26d7b349eaf8148e863c62f69)
2002-07-31Winbind updates!Andrew Bartlett9-51/+201
This updates the 'winbind' authentication module and winbind's 'PAM' (actually netlogon) code to allow smbd to cache connections to the DC. This is particulary relevent when we need mutex locks already - there is no parallelism to be gained anyway. The winbind code authenticates the user, and if successful, passes back the 'info3' struct describing the user. smbd then interprets that in exactly the same way as an 'ntdomain' logon. Also, add parinoia to winbind about null termination. Andrew Bartlett (This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
2002-07-31Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, norAndrew Bartlett1-18/+11
longer than the buffer they claim to be in. Many thanks to tridge for explaining the macros. Andrew Bartlett (This used to be commit 3efd462bf2f1ed50c108c2b8ddecc461d002745d)
2002-07-31fixed the length checking for plaintext passwords (thanks to andrewbAndrew Tridgell1-2/+11
for spotting this) (This used to be commit d4c905e5a0a67c8e01a4fcf78aa992a3b7beff02)
2002-07-31Don't accidenity mess with the wrong domain's sids.Andrew Bartlett1-2/+2
(This used to be commit 0e2207c9c1ce573098f764e85a65c17cc1f1d284)
2002-07-31fix debug, at idra's suggestion.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit bc17b91c2f1a1df58614b67bff94f228be6b9bb2)
2002-07-31Only allow 'security=ads' when we HAVE_ADS.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit f77335b6f86c736e72b66eab6a2aee046ddbee41)
2002-07-31support netbiosless search for the DC using ADS in the winbindd AUTHAndrew Tridgell1-58/+110
code. (This used to be commit 3929532e3bfb98b925d73d331c8cbb319fdc8b9a)
2002-07-31fixed multi-line strings for portabilityAndrew Tridgell1-2/+2
(This used to be commit 9f9e0cbd2c9920b730286f8bf560dc3415c29aa6)
2002-07-31make sure we zero the unusued elements in a SID when parsingAndrew Tridgell1-0/+3
(This used to be commit aa5beb63f1b1133c4ad28118ddd33e21198d79bb)
2002-07-31added 'disable netbios = yes/no' option, default is noAndrew Tridgell2-2/+34
When this option is disabled we should not do *any* netbios operations. You should also not start nmbd at all. I have put initial checks in at the major points we do netbios operations in smbd but there are bound to be more needed. Right now I've disabled all netbios name queries, all WINS lookups and node status queries in smbd and winbindd. I've been testing this option and the most noticable thing is how much more responsive things are! wthout those damn netbios timeouts things certainly are much slicker. (This used to be commit 12e7953bf2497eeb7c0bc6585d9fe58b3aabc240)
2002-07-31fixed a net crash bug if we can't find a DC in a 'net rpc' commandAndrew Tridgell1-0/+4
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
2002-07-31added support for smbd listening on port 445 and 139. It now listensAndrew Tridgell4-47/+88
on both by default, and you can specify a list of ports to listen on either with "smb ports = " in smb.conf or using the -p option to smbd. this is needed for proper netbiosless operation. (This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
2002-07-31the ads_connect() here doesn't need to actually succeed, as its onlyAndrew Tridgell1-3/+1
needed to find the DC IP. Just don't check its return value! (This used to be commit ab144cd8af1622894d446ce48dde99babeb30bd6)
2002-07-31make sure that 'net ads info' gives info on the server we specify, notAndrew Tridgell1-0/+4
our smb.conf setup. (This used to be commit cffa881092e48db10a712575a8671f695e8ef813)
2002-07-31Remove VFS module build so RPMs can build for now.John Terpstra1-13/+13
(This used to be commit 0c1e759cd3ee70f509fe7ccd30f986f24ad20464)
2002-07-30Fix the build for now..Jim McDonough1-1/+1
Tridge, please look at this. Did you mean to take out the last parm? (This used to be commit f70886df942e8b37fecb503b2d87f39f19c9bdab)
2002-07-30Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough6-5/+313
is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone). (This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell4-4/+14
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell3-8/+10
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-07-30always include the (void) for void fns ...Andrew Tridgell1-1/+1
(This used to be commit deff1f96232b328fb5f5bb49a23eb4cda11fd330)
2002-07-30a couple more minor tweaks. This now allows us to operate in ADS modeAndrew Tridgell2-4/+9
without any 'realm =' or 'ads server =' options at all, as long as DNS is working right. (This used to be commit d3fecdd04241ed7b9248e52415693cd54a1faecf)
2002-07-302nd try at a fix for netbiosless connections to a ADS DC. This alsoAndrew Tridgell1-31/+90
make the code a fair bit cleaner as it splits up the ADS and RPC cases, which really are very different. (This used to be commit 5a11c432afebe84b17820396476f48a6a6f6411b)
2002-07-30removed a gratuitous standard_sub_basic() on the 'password server'Andrew Tridgell1-2/+0
field. This has got to be pointless. (This used to be commit fd02adab54b66a19c1b81b8ae91e66713691b060)
2002-07-30- if we are in ADS mode then avoid an expensive netbios lookup to findAndrew Tridgell1-7/+16
the servers netbios name when we don't need it. This also fixes ADS mode when the DC has netbios disabled. - if the password server is specified as an IP then actually use that IP, don't do a lookup for the servers name :) (This used to be commit 72042e94ef0f6841afcfa48eafb9809545860725)
2002-07-30OK!Simo Sorce13-560/+622
Finally the cascaded VFS patch is in. Testing is very welcome, specially with layered multiple vfs modules. A big thank to Alexander Bokovoy for his work and patience :) Simo. (This used to be commit 56283601afe1836dafe0580532f014e29593c463)
2002-07-30Update a pile of Samba's SID lookup code to ensure:Andrew Bartlett2-75/+92
- That we never call winbind recursivly - That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping in either the passdb or the group mapping db. Also, remove restrictions that say 'this domain only'. If we have a mapping configured, allow it to be returned. If we later decide certian mappings are invalid, then we sould put that in the code that actually does the map. Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even if they are not represented by Unix groups yet. Andrew Bartlett (This used to be commit d5bafb224337e393420c2ce9c0a787405314713c)
2002-07-30Make some of the charconv code a bit easier to read and work with - when weAndrew Bartlett1-8/+8
are dealing with utf8 we may as well specify char** for the pointer, save otherwise casting in the caller. Andrew Bartlett (This used to be commit 46021f85b6da4ba1e7f73ee7408079219d555dde)