summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2004-03-091) Two new functions to trust passwords interface in passdb:Rafal Szczesniak1-1/+9
settrustpwent, gettrustpwnam 2) Implementation of another couple of these functions in tdbsam: settrustpwent, gettrustpwnam, gettrustpwsid 3) Testing (mostly for now) usage of the interface in pdbedit which is soon to be offline tool back again. This is quite a new code, so many changes will be put in soon. rafal (This used to be commit 2ed23fbce846f9710747d72aa98c20d54894d61e)
2004-03-09Commit to HEAD the updates to smb signing code that I was propsing for 3.0.Andrew Bartlett1-1/+2
This code implements 'opportunistic signing' in our client (when the server supports it, we will use it), and correct downgrading on both the client and server for the 'enabled' (rather than required) signing level. This means that we can actually set 'server signing = yes' and not have the world fall apart. We had a number of bugs in that code, and it certainly looks like most of the testing was with the 'requried' setting. While the changes are reasonable, I'm putting this into HEAD rather than 3.0 for the timebeing. SMB signing, like NTLMSSP, tends to have gotchas in it :-) (I also need to give it a workout with more than smbclient before I move it across). Andrew Bartlett (This used to be commit 6bad895462cf076a7e917c909e2a461d1b360bf1)
2004-03-04BUG 1015: patch from jmcd to fix statfs redeclaration of statfs struct on ppcGerald Carter1-1/+3
(This used to be commit d9a9e214a8dd3b79284f4cff6052210b758bbf72)
2004-03-04BUG 1080: fix declaration of SMB_BIG_UINTGerald Carter1-12/+12
(This used to be commit 0b17a4105ecbad26b6bb79ed8148495c02518430)
2004-03-04another fix for bug 761; don't default to bsd printing on linuxGerald Carter1-9/+0
(This used to be commit 29bc83080f47b2f945686e706f2cfef221ac3795)
2004-03-03Use a common function to parse all pathnames from the wire. This allowsJeremy Allison2-0/+7
much closer emulation of Win2k3 error return codes. Jeremy. (This used to be commit 883f89a0184e37bff4f5877a25d31b994996ab08)
2004-03-02fix typo for callback bitJim McDonough1-1/+1
(This used to be commit c1b1a1961f19e2fba680d48e41d0b29cdfd6d39c)
2004-03-01Ok here it is my latest work on privilegesSimo Sorce5-11/+64
This patch add privilege support for samba Currently it is implemented only for tdbsam backend but estending it to other sam backends is straightforward. I must make a big thank to JFM for his teachings on the matter and the functions at the base of this work. At thye moment only samr_create_user honours SeAddUsersPrivilege and SeMachineAccountPrivilege to permit any user to add machines and/or users to the server. The command "net priv" has been provided to manipulate the privileges database. There are still many things to do (like support in "net rpc vampire") but the working core is here. Feel free to comment/extend on this work. Of course I will deny that any bug may affect this code :-) Simo. This patch adds also my patch about add share command enhancements. (This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
2004-02-29Apply my experimental aliases support to HEAD. This will be a bit difficult toVolker Lendecke1-0/+28
merge to 3_0, as the pdb interfaces has changed a bit between the two. This has not been tested too severly (which means it's completely broken ;-), but I want it in for review. Feel free to revert it :-) TODO: make 'net groupmap' a bit more friendly for alias members. Put that stuff into pdb_ldap. Getting the information over to winbind. One plan without linking pdb into winbind would be to fill group_mapping.tdb with the membership information and have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone could trigger that itself, the problem is a BDC using LDAP. This needs to do it on a regular basis. The BDC smbd needs to be informed about SAM changes somehow... Volker (This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
2004-02-25Figured out a new flags bit with gentest and ethereal....Jeremy Allison1-0/+1
Jeremy. (This used to be commit 755b66303d04b73a855fa8db5fe3ae920a901bf3)
2004-02-24Add 'net rpc group add'. For this parse_samr.c had to be changed: TheVolker Lendecke2-0/+8
group_info4 in set_dom_group_info also has the level in the record itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can still create a domain group on a samba machine. Volker (This used to be commit 9cadd14aa53d390a2419d7ce4fe48d58cf372279)
2004-02-24Added NTrename SMB (0xA5) - how did we miss this.... ?Jeremy Allison2-1/+4
Jeremy. (This used to be commit d236372876918be2a886a89383cf843b82d4c8db)
2004-02-23Add bad password count/time attributesJim McDonough1-0/+1
(This used to be commit 2fa56111d37a09702b31e1769a687b630aff1c1b)
2004-02-20Make SMB_FILE_ACCESS_INFORMATION call work correctly.Jeremy Allison1-107/+0
Jeremy. (This used to be commit a6cb7af9bad1610e802fa5cddbf68fb887bc2974)
2004-02-20<attr/xattr.h> & <sys/xattr.h> are mutually exclusive it seems; fix build on ↵Gerald Carter1-3/+2
SuSE 8.2 (This used to be commit bf271b96cf6bc42c8a23309d890febf003e1627f)
2004-02-19check for <sys/xattr.h>; needed by Debian testingGerald Carter1-0/+4
(This used to be commit fb90b4140ec45ff4088c41dffce3680b5c4dc170)
2004-02-19Add bad password time fieldsJim McDonough1-0/+2
(This used to be commit 9f496e113c60bde1746c7f1063e83735117b2fe8)
2004-02-13Fixup the 'multiple-vuids' bugs.Jeremy Allison1-10/+19
Jeremy. (This used to be commit a7d4a6d1167f7657113148cdf68ea3c491b51b14)
2004-02-12More sync between HEAD and SAMBA_3_0Jim McDonough1-1/+1
- passdb.h: replace UNKNOWN_3 with FIELDS_PRESENT - parse_samr.c: put comment back in...seems like we shouldn't lose info like this (This used to be commit 6b9efd2f4cd5cf042e2a04a08719a9fe83d54116)
2004-02-09Apply James' printf format checking patch for SGI MIPSPro compiler.Tim Potter1-0/+3
(This used to be commit b354fa606d65ff3621b2870a2ef85d980913f319)
2004-02-08(merge from 3.0)Andrew Bartlett1-13/+0
Remove more unused portions of the 'password cache'. Andrew Bartlett (This used to be commit 33cdb2bd18daca31461bbc45251679f50fd3567f)
2004-01-25(merge from 3.0)Andrew Bartlett1-0/+4
If we are providing strndup(), ensure we provide a prototype too. Andrew Bartlett (This used to be commit 5536c7448e88caa95b13c01956c37deee899dd92)
2004-01-191. The most part of this patch changed the unknown_3 flag to the now knownSimo Sorce5-334/+176
meaning of fields_present bit mask. Also avoid it being saved in backends (0 is saved where removing the unit32 would have produced a format change). Also add support in samr functions to correctly interpret the flags. Flags still not set properly (eg. still set all flags 0xffffff as previous code), need a tool to test this properly (I',ve done preliminary tests with samba4 rpc torture and it seem to work properly against w2k). 2. Patch for handlig the flag user must change password at next logon in usrmgr based on Jianliang Lu <j.lu@tiesse.com> patch (This used to be commit 78975e9483e64412e436c5dbfe2b71e20b79de29)
2004-01-15merge:Stefan Metzmacher1-0/+1
* Fix XFS quotas: XFS_USER_QUOTA -> USRQUOTA XFS_GROUP_QUOTA -> GRPQUOTA * Fix disk_free calculation with group quotas. * Add debug class 'quota' and a lot of DEBUG()'s to the quota code. metze (This used to be commit 33c6ca3b4bc0898893b5d95ea2485b7694b9d198)
2004-01-14Trust passwords types for use with SAM_TRUST_PASSWD structure.Rafal Szczesniak1-0/+7
rafal (This used to be commit ea15c148fd6393512f2fd95d88db6546d40cf14c)
2004-01-14bug 770; correct fix this time; Make sure that we send the SMBjobid for ↵Gerald Carter1-1/+2
unix jobs back to the client. Allows windows client to remove print jobs submitted from lpr (This used to be commit 6a7f9ebccd6a40455cb5446551f3d68ea9a7a824)
2004-01-13sync HEAD with recent changes in 3.0Gerald Carter4-150/+505
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
2004-01-09fix some warnings from the Sun compiler; also merge some of abartlet's error ↵Gerald Carter2-14/+14
code changes form 3.0 (This used to be commit 2279e98cb81faaf8a4e971fec339955f14c23858)
2004-01-07Prototype version of trust passwords moved to SAM/pdb. This isRafal Szczesniak1-1/+54
backend-independent part ie. interface - does build and (it seems) doesn't break anything else. rafal (This used to be commit 9ce6dc6476202d9db6ea1c2deab93e454e4db546)
2004-01-06Merge NTLMSSP fixes from 3.0 to HEAD.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit f7d39c787771616ddb015bd77e3e6cd33f0c7a15)
2004-01-06GUID is struct uuid in HEAD.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit ec24c7f42ac344d14c0e29d4b49c07d8ce213448)
2004-01-06Patch based on work from James Peach <jpeach@sgi.com> to convert over toJeremy Allison3-2/+21
using pread/pwrite. Modified a little to ensure fsp->pos is correct. Fix for #889. Jeremy. (This used to be commit 3a24dc868d95c9bcc2ac3a0dbd50e6e226ac0841)
2004-01-05rpc_client/cli_lsarpc.c:Andrew Bartlett1-0/+13
rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Add ads_sid_to_dn utility function nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 627d33d1667f0d4b1070f988494885b74c4c04dd)
2004-01-05Merge commit to 3_0: add pdb_pgsqlJelmer Vernooij1-0/+2
(This used to be commit 61cbd5c9be1962d0c33c28ff472a2f82d3aa2a80)
2003-12-25This is metze's LDAP rebind sleep patch:Volker Lendecke1-0/+2
When smb.conf tells us to write to a read-only LDAP replica and we are redirected by the LDAP server, the replication might take some seconds, especially over slow links. This patch delays the next read after a rebind for 'ldap rebind sleep' milliseconds. Metze, thanks for your patience. Volker (This used to be commit 7293550e3642e2553684a7011084dabb0b78fd24)
2003-12-22add well known rid for pre win2k compatible access group; bug 897Gerald Carter1-0/+1
(This used to be commit 426a02cf678236f902c143b56eaaf854fca2237f)
2003-12-10Fix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail ↵Gerald Carter1-1/+1
on local files on on domain members; bug 875 (This used to be commit a5c5dde1c34ba44f8d9bbb38720a089a6d61806c)
2003-12-04support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800Gerald Carter1-0/+1
(This used to be commit acf9eae7b0c95776358292c3463951477575bcc6)
2003-12-04* fix RemoveSidForeignDomain() ; bug 252Gerald Carter1-7/+7
* don't fall back to unmapped UNIX group for get_local_group_from_sid() * remove an extra become/unbecome_root() pair from group enumeration (This used to be commit c0f34b42a6a4af09ae4b76721bc350784d87f686)
2003-11-22(merge from 3.0)Andrew Bartlett6-42/+73
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-20Typo fix.Rafal Szczesniak1-2/+2
(This used to be commit d1394f02cb0e369701217ce6610f4efe54438c3a)
2003-11-15Split smbldap in a core file and a utility fileSimo Sorce2-0/+35
Add module support for configuration loading Add a first implementation of config_ldap module to put samba configuration on ldap It worked on my test machine, please try it out and send bugfixes :-) have fun, Simo. INSTRUCTIONS: Just add something like this to your smb.conf file: config backend = config_ldap:ldap://localhost config_ldap:basedn = dc=samba,dc=org the config tree must follow this scheme: ou=foo, dc=samba, dc=org <- global section |- sambaOptionName=log level, ou=foo, ... <- options |- ... |- sambaShareName=testlc, ou=foo, ... == [testlc] |- sambaOptionName=path, sambaShareName=testlc, ou=foo, ... <- option here is a sample ldif: # foo, samba, org dn: ou=foo, dc=samba, dc=org objectClass: organizationalUnit objectClass: sambaConfig ou: foo description: Test Foo # log level, foo, samba, org dn: sambaOptionName=log level, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: log level sambaIntegerOption: 10 description: log level 10 is suitable for good debugging # testlc, foo, samba, org dn: sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaShare sambaShareName: testlc description: share to test ldap config module actually works # path, testlc, foo, samba, org dn: sambaOptionName=path, sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: path sambaStringOption: /tmp description: Path for share testlc # read only, testlc, foo, samba, org dn: sambaOptionName=read only, sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: read only sambaBoolOption: TRUE description: Share testlc is read only # guest ok, testlc, foo, samba, org dn: sambaOptionName=guest ok, sambaShareName=testlc, ou=foo, dc=samba, dc=org objectClass: sambaConfigOption sambaOptionName: guest ok sambaBoolOption: TRUE description: Guest users are allowed to connect to testlc share (This used to be commit 207968eafc2c2a185e50e2132702d7bab2142aba)
2003-11-05Merge from 3.0:Tim Potter1-0/+11
Revision 1.16.2.6: Add prototype for smbc_remove_unused_server() to fix compiler warning. Bug #706. (This used to be commit 99f70d86fe17ce39d803fa23a135169e24d8a34e)
2003-11-03removing #include <compat.h> in hopes to avoid problems with apache header ↵Gerald Carter1-4/+0
files; will watch the build farm on this to make sure things don't blow up (This used to be commit b4d80ee74727a72aa8fe070d13e3ca5de71837ca)
2003-10-31Whitespace syncup with 3.0Tim Potter1-7/+7
(This used to be commit 9746ef376d2a52ef6ef6b84421d6b7e988a6ca13)
2003-10-31Formatting syncup with 3.0Tim Potter1-0/+4
(This used to be commit 98881672f5c094181be7988b4d39b451f292e423)
2003-10-31Sync up with 3.0Tim Potter1-3/+3
(This used to be commit 3cd8acb6c362bca82d7268aa283d3f6360b24604)
2003-10-30Last of the GUID->struct uuid changes.Jim McDonough1-7/+0
GUID has been removed. If you are dealing with a flattened version of a [gu]uid, use UUID_FLAT. smb_pack_uuid and smb_unpack_uuid will switch between the two. I'm not sure exactly what the genparse stuff is doing here, so I just switched it to a UUID_FLAT (no functional change), but I suspect this may not be the right way to go. (This used to be commit 001e9d0e814109a26d598001b3c23dfdb04510ff)
2003-10-30Ok, nearing the end of the GUID->struct uuid changes.Jim McDonough1-2/+2
Takes care of secdescs. Had to move the uuid marshall/unmarshalling code to parse_misc, because it's needed outside of parse_rpc.c (for no-auth calls) (This used to be commit 5d2bb079b65ccfec14604d8dcf0ce789d1795b46)
2003-10-30Another round of GUID->struct uuid.Jim McDonough1-1/+1
Takes care of the lsass pipe (This used to be commit 3dca3efa4b427fa3094a8cd392fe5744b5f6f6a8)