summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16122: As we use 'inetOrgPerson' as structural objectclass for new accounts forGünther Deschner1-0/+1
eDir, we already add 'sn' as required attribute on LDAP add operations. When we modify an entry, we need to request 'sn' as well in our attribute lists, so that we don't try to add it a second time. Guenther (This used to be commit e018ea3d1d70e68e6802843f88b3245dc09244c9)
2007-10-10r16060: This is one of the more dirty patches I've put in lately. Parse ↵Volker Lendecke1-1/+2
enough of SetUserInfo level 25 to survive the join method XP uses if the user did not exist before. For good taste this contains way too much cut&paste, but for a real fix there is just not enough time. Up to 3.0.22 we completely ignored that a full level 21 is being sent together with level 25, but we got away with that because on creation we did not set the "disabled" flag on the workstation account. Now we correctly follow W2k3 in this regard, and we end up with a disabled workstation after join. Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr parsing, but this is would probably be a bit too much for .23... Thanks to Tom Bork for finding this one. Volker (This used to be commit 5a37aba10551456042266443cc0a92f28f8c3d0d)
2007-10-10r15958: Make us pass RAW-OPLOCK with kernel oplocks off.Jeremy Allison1-1/+8
This allows a requestor to set FORCE_OPLOCK_BREAK_TO_NONE to ensure we don't break to level 2. Fixed a couple of resource leaks in error paths in open_file_ntcreatex. Jeremy. (This used to be commit c7c9adcce7f13d01445f31b07fb28a76f0a1d6df)
2007-10-10r15864: build fixes for IRIX 6.4 in the build farm; only enable the C++ ↵Gerald Carter1-1/+5
reserved word check when we selecte --enable-developer (This used to be commit ece5fe3e78da460fb1c0eca3185da7f80c5cfdc4)
2007-10-10r15863: trying to fix a compile issue on HP-UX 11.x caused by conflicts of ↵Gerald Carter1-15/+19
int16 and int32 definitions in internal and system headers (This used to be commit 094443ed6c0fdd06f459211dbca50feed58463ef)
2007-10-10r15848: Introduce commandline options to set the remainder of the parameters inJames Peach2-5/+9
dynconfig.c. This is mainly useful for test harness scripts, hence the lack of short options. (This used to be commit bf3b71c84595608d71e0f15a6158adacb295518e)
2007-10-10r15838: Back-port tridge's talloc fixes (r15824, r15828) from Samba4.Jeremy Allison1-0/+1
Jeremy. (This used to be commit f6c110ddb8cfaa1a57dea52818e7611134c2dcfe)
2007-10-10r15698: An attempt to make the winbind lookup_usergroups() call in security=adsGünther Deschner1-0/+15
more scalable: The most efficient way is to use the "tokenGroups" attribute which gives the nested group membership. As this attribute can not always be retrieved when binding with the machine account (the only garanteed way to get the tokenGroups I could find is when the machine account is a member of the "Pre Win2k Access" builtin group). Our current fallback when "tokenGroups" failed is looking for all groups where the userdn was in the "member" attribute. This behaves not very well in very large AD domains. The patch first tries the "memberOf" attribute on the user's dn in that case and directly retrieves the group's sids by using the LDAP Extended DN control from the user's object. The way to pass down the control to the ldap search call is rather painfull and probably will be rearranged later on. Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2. Guenther (This used to be commit 7d766b5505e4099ef7dd4e88bb000ebe38d71bd0)
2007-10-10r15697: I take no comments as no objections :)Günther Deschner1-5/+27
Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
2007-10-10r15668: DOS or FCB opens share one share mode entry from differentJeremy Allison1-1/+1
fsp pointers. Ensure we cope with this to pass Samba4 DENY tests (we used to pass these, there must have been a regression with newer code). We now pass them. Jeremy (This used to be commit fd6fa1d4eaf61783df74ee2da50d331477f06998)
2007-10-10r15649: Allow to store 24 password history entries in ldapsam (same limit as onGünther Deschner1-0/+1
Windows). Fixes bug #1914. Guenther (This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
2007-10-10r15644: Now that we are referencing uint32_t and other data typesPaul Green1-0/+4
defined in <stdint.h>, ensure that it is present. (Not all implementations pull it in when <sys/types.h> is used). Paul (This used to be commit dafe36ec4cff4e5f94e35841966007e3e4758582)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter3-48/+59
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r15516: Use SMB_BIG_UINT in preference to unsigned long long.James Peach1-4/+4
(This used to be commit f06d94382fa0f501fb1da7e308012b91a9eadb44)
2007-10-10r15508: Use clock_gettime for profiling timstamps if it is available. UseJames Peach1-0/+21
the fastest clock available on uniprocessors. (This used to be commit d44862928206b524f826bd7c2997ab5353c0b6a0)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke1-0/+2
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15462: replace the use of OpenLDAP's ldap_domain2hostlist() forGerald Carter2-0/+55
locating AD DC's with out own DNS SRV queries. Testing on Linux and Solaris. (This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
2007-10-10r15450: Change profiling data macros to use stack variables rather thanJames Peach2-39/+53
globals. This catches mismatched start/end calls and removes the need for special nested profiling calls. (This used to be commit ee750498812190edd3ec52ca3c750258f3b8a97a)
2007-10-10r15443: Purely cosmetic reformat, no functional changes.Günther Deschner1-53/+50
Guenther (This used to be commit ef40428d935831bdb19111c933d20e381647f6f8)
2007-10-10r15442: Add some more client rpc for the querydominfo calls (from samba4 idl).Günther Deschner1-4/+28
Also return the hostname for the level 6 call (to be consistent with the server name in level 2). Guenther (This used to be commit 41b72e77ae70c96de4659af6b4b6bd842dd67981)
2007-10-10r15441: cleanup older unused padding.Günther Deschner1-2/+0
Guenther (This used to be commit 6e225e0528604c797a953eb8d3b49a873b21584f)
2007-10-10r15438: Fix samrQueryDomainInfo level 5 where we returned our netbiosGünther Deschner1-2/+2
name eversince instead of the domain name when we are a DC. Yes, there are applications relying on this call to be correct. Guenther (This used to be commit 26dd22c9af8caf3db236984e4683ba210376ca59)
2007-10-10r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.Günther Deschner1-0/+1
Guenther (This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
2007-10-10r15402: Fix for bug #3587. Dead entries can be left in the lockingJeremy Allison1-0/+1
db. Make this db self-cleaning on first read of entry after open, and also on smbstatus -b call. Needs more testing when I get back from Boston but passes valgrind at first look. Jeremy. (This used to be commit c66531096325848d1476054df5d53ad05c2ffc83)
2007-10-10r15251: Adding PreWin2kAccess builtin sid.Günther Deschner1-0/+1
Guenther (This used to be commit 4330d1b74cba14501c2864105b2fae53ccf9475f)
2007-10-10r15243: Sorry for the breakage:Günther Deschner1-1/+5
* Fix the build without kerberos headers * Fix memleak in the krb5_address handling Guenther (This used to be commit 10e42117559d4bc6a34e41a94914bf6c65c3477f)
2007-10-10r15240: Correctly disallow unauthorized access when logging on with theGünther Deschner2-0/+14
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
2007-10-10r15216: Fix the build for machines without krb5. Oops, sorry.Jeremy Allison1-0/+8
Jeremy. (This used to be commit bea87e2df45c67cc75d91bd3ed1acc4c64a1c8ea)
2007-10-10r15162: Patch for bug #3668. Windows has a bug with LARGE_READXJeremy Allison1-1/+3
where if you ask for exactly 64k bytes it returns 0. Jeremy. (This used to be commit dcef65acb5bc08ea4b61ef490a518b7e668ff2ee)
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-0/+1
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r15088: Remove all time() and gettimeofday() calls out of the mainlineJeremy Allison1-0/+1
packet processing code. Only do these when needed (ie. in the idle timeout code). We drop an unneccessary global here too. Jeremy. (This used to be commit 8272a5ab0605fcf95527143c4f909aa1008e5b94)
2007-10-10r15072: Last bit of 32/64 bit portabilities fixes for winbindGerald Carter1-0/+5
clients and aservers. Strange compiler-fu on 64-bit SLES9 says sizeof(time_t) == 4 but the memory alignment is on 8 bytes. Change time_t to uint32 to fix alignment. Remove 'char **gr_mem' from struct winbindd_gr since it was not being used. (This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
2007-10-10r15060: The brlock code gets called a lot. Ensure we keep theJeremy Allison1-0/+8
key around while we're using it - saves many calls to locking_key() (now deleted). Jeremy. (This used to be commit 2f8b527dcf4a36fbb933ce79c720c0425de76b4a)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-0/+13
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r15047: Add support for using libunwind to generate a backtrace. This isJames Peach1-4/+0
primarily intended for ia64 systems where libunwind knows more about the different ways of walking the stack that just about anything else. (This used to be commit 256a19d722f360dac3c8e83f5bfac453fa70db96)
2007-10-10r15041: Adding rpc client calls to manipulate auditing policies on remote CIFSGünther Deschner1-59/+115
servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2007-10-10r15022: Fix core dumps on normal server exit.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 13c3abf03187f84874b5754b54de5d3fe2dea188)
2007-10-10r15018: Merge Volker's ipc/trans2/nttrans changes overJeremy Allison5-5/+83
into 3.0. Also merge the new POSIX lock code - this is not enabled unless -DDEVELOPER is defined. This doesn't yet map onto underlying system POSIX locks. Updates vfs to allow lock queries. Jeremy. (This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7)
2007-10-10r14898: This change is an attempt to improve the quality of the information thatJames Peach3-1/+10
is produced when a process exits abnormally. First, we coalesce the core dumping code so that we greatly improve our odds of being able to produce a core file, even in the case of a memory fault. I've removed duplicates of dump_core() and split it in two to reduce the amount of work needed to actually do the dump. Second, we refactor the exit_server code path to always log an explanation and a stack trace. My goal is to always produce enough log information for us to be able to explain any server exit, though there is a risk that this could produce too much log information on a flaky network. Finally, smbcontrol has gained a smbd fault injection operation to test the changes above. This is only enabled for developer builds. (This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
2007-10-10r14847: Tell static checkers that exit_server() doesn'tJeremy Allison1-0/+1
return. Jeremy. (This used to be commit 9c5e26a56aaaf1143b43e61d208ddaeb96f2ffcb)
2007-10-10r14763: Add a new tuning parameter, open files database hash size,Jeremy Allison1-1/+1
this allows us to experiment with ensuring the tdb hash size for our open files and locking db are appropriately sized. Make the hash size larger by default (10007 instead of 1049) and make the locking db hash size the same as the open file db hash size. Jeremy. (This used to be commit e7225f7e813423c3e2a94af6a9d7ce8a1b50a166)
2007-10-10r14751: Use the noreturn attribute to try and tell coverity thatJeremy Allison1-0/+9
smb_panic can't return. Jeremy. (This used to be commit ba9c98983efbf4871e1ec07df37590d97ec52fba)
2007-10-10r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-basedJames Peach3-1/+7
HSM is interested in. Tested on both IRIX and SLES9. (This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
2007-10-10r14664: r13868@cabra: derrell | 2006-03-22 17:04:30 -0500Derrell Lipman2-10/+98
Implement enhancement request 3505. Two additional features are added here. There is now a method of saving an opaque user data handle in the smbc_ context, and there is now a way to request that the context be passed to the authentication function. See examples/libsmbclient/testbrowse.c for an example of using these features. (This used to be commit 203b4911c16bd7e10198a6f0e63960f2813025ef)
2007-10-10r14646: Adding samr querygroup infolevels 2 & 5.Günther Deschner1-1/+16
Guenther (This used to be commit 6c4fe819c69f281915ad0f4c3bde4dfb194aa33a)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter1-0/+5
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14600: Refactor capability interface from being IRIX-specific to using onlyJames Peach2-19/+3
the POSIX interface. Note that this removes support for inherited capabilities. This wasn't used, and probably should not be. (This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
2007-10-10r14597: Merge DCERPC_FAULT constants from Samba 4.Günther Deschner1-0/+10
Guenther (This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-2/+2
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14368: Remove redundant set of logon flags (now in rpc_netlogon.h).Günther Deschner1-2/+0
Guenther (This used to be commit 8d4290cb8ed75cf12fa45bcf3e93cfe1a5567919)