summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15251: Adding PreWin2kAccess builtin sid.Günther Deschner1-0/+1
Guenther (This used to be commit 4330d1b74cba14501c2864105b2fae53ccf9475f)
2007-10-10r15243: Sorry for the breakage:Günther Deschner1-1/+5
* Fix the build without kerberos headers * Fix memleak in the krb5_address handling Guenther (This used to be commit 10e42117559d4bc6a34e41a94914bf6c65c3477f)
2007-10-10r15240: Correctly disallow unauthorized access when logging on with theGünther Deschner2-0/+14
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
2007-10-10r15216: Fix the build for machines without krb5. Oops, sorry.Jeremy Allison1-0/+8
Jeremy. (This used to be commit bea87e2df45c67cc75d91bd3ed1acc4c64a1c8ea)
2007-10-10r15162: Patch for bug #3668. Windows has a bug with LARGE_READXJeremy Allison1-1/+3
where if you ask for exactly 64k bytes it returns 0. Jeremy. (This used to be commit dcef65acb5bc08ea4b61ef490a518b7e668ff2ee)
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-0/+1
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r15088: Remove all time() and gettimeofday() calls out of the mainlineJeremy Allison1-0/+1
packet processing code. Only do these when needed (ie. in the idle timeout code). We drop an unneccessary global here too. Jeremy. (This used to be commit 8272a5ab0605fcf95527143c4f909aa1008e5b94)
2007-10-10r15072: Last bit of 32/64 bit portabilities fixes for winbindGerald Carter1-0/+5
clients and aservers. Strange compiler-fu on 64-bit SLES9 says sizeof(time_t) == 4 but the memory alignment is on 8 bytes. Change time_t to uint32 to fix alignment. Remove 'char **gr_mem' from struct winbindd_gr since it was not being used. (This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
2007-10-10r15060: The brlock code gets called a lot. Ensure we keep theJeremy Allison1-0/+8
key around while we're using it - saves many calls to locking_key() (now deleted). Jeremy. (This used to be commit 2f8b527dcf4a36fbb933ce79c720c0425de76b4a)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-0/+13
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r15047: Add support for using libunwind to generate a backtrace. This isJames Peach1-4/+0
primarily intended for ia64 systems where libunwind knows more about the different ways of walking the stack that just about anything else. (This used to be commit 256a19d722f360dac3c8e83f5bfac453fa70db96)
2007-10-10r15041: Adding rpc client calls to manipulate auditing policies on remote CIFSGünther Deschner1-59/+115
servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2007-10-10r15022: Fix core dumps on normal server exit.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 13c3abf03187f84874b5754b54de5d3fe2dea188)
2007-10-10r15018: Merge Volker's ipc/trans2/nttrans changes overJeremy Allison5-5/+83
into 3.0. Also merge the new POSIX lock code - this is not enabled unless -DDEVELOPER is defined. This doesn't yet map onto underlying system POSIX locks. Updates vfs to allow lock queries. Jeremy. (This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7)
2007-10-10r14898: This change is an attempt to improve the quality of the information thatJames Peach3-1/+10
is produced when a process exits abnormally. First, we coalesce the core dumping code so that we greatly improve our odds of being able to produce a core file, even in the case of a memory fault. I've removed duplicates of dump_core() and split it in two to reduce the amount of work needed to actually do the dump. Second, we refactor the exit_server code path to always log an explanation and a stack trace. My goal is to always produce enough log information for us to be able to explain any server exit, though there is a risk that this could produce too much log information on a flaky network. Finally, smbcontrol has gained a smbd fault injection operation to test the changes above. This is only enabled for developer builds. (This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
2007-10-10r14847: Tell static checkers that exit_server() doesn'tJeremy Allison1-0/+1
return. Jeremy. (This used to be commit 9c5e26a56aaaf1143b43e61d208ddaeb96f2ffcb)
2007-10-10r14763: Add a new tuning parameter, open files database hash size,Jeremy Allison1-1/+1
this allows us to experiment with ensuring the tdb hash size for our open files and locking db are appropriately sized. Make the hash size larger by default (10007 instead of 1049) and make the locking db hash size the same as the open file db hash size. Jeremy. (This used to be commit e7225f7e813423c3e2a94af6a9d7ce8a1b50a166)
2007-10-10r14751: Use the noreturn attribute to try and tell coverity thatJeremy Allison1-0/+9
smb_panic can't return. Jeremy. (This used to be commit ba9c98983efbf4871e1ec07df37590d97ec52fba)
2007-10-10r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-basedJames Peach3-1/+7
HSM is interested in. Tested on both IRIX and SLES9. (This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
2007-10-10r14664: r13868@cabra: derrell | 2006-03-22 17:04:30 -0500Derrell Lipman2-10/+98
Implement enhancement request 3505. Two additional features are added here. There is now a method of saving an opaque user data handle in the smbc_ context, and there is now a way to request that the context be passed to the authentication function. See examples/libsmbclient/testbrowse.c for an example of using these features. (This used to be commit 203b4911c16bd7e10198a6f0e63960f2813025ef)
2007-10-10r14646: Adding samr querygroup infolevels 2 & 5.Günther Deschner1-1/+16
Guenther (This used to be commit 6c4fe819c69f281915ad0f4c3bde4dfb194aa33a)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter1-0/+5
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14600: Refactor capability interface from being IRIX-specific to using onlyJames Peach2-19/+3
the POSIX interface. Note that this removes support for inherited capabilities. This wasn't used, and probably should not be. (This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
2007-10-10r14597: Merge DCERPC_FAULT constants from Samba 4.Günther Deschner1-0/+10
Guenther (This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-2/+2
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14368: Remove redundant set of logon flags (now in rpc_netlogon.h).Günther Deschner1-2/+0
Guenther (This used to be commit 8d4290cb8ed75cf12fa45bcf3e93cfe1a5567919)
2007-10-10r14353: Fix coverity bugs #61 and #62. Remember to divide byJeremy Allison1-1/+1
the size of the data table. Clean up the struct a little. Jeremy. (This used to be commit 338538410d484a9358b60b05a86180275344ffa4)
2007-10-10r14255: Revert r14204 which was horribly broken.James Peach1-1/+1
(This used to be commit 950ed28f9f3f57dc449bd3bd6e7be7acb1e3d26d)
2007-10-10r14207: Convert the lp_acl_compatibility() param into an enum.James Peach1-0/+2
(This used to be commit 5429c495c538e416010cf44e1d6fb771770a72ae)
2007-10-10r14204: Remove the basically unused P_GSTRING and P_UGSTRINGJames Peach1-1/+1
parameter types. (This used to be commit 23328fe6fc5e3b4ed3dc35e1475d661a8593eb1a)
2007-10-10r14074: Some cleanup; there is no point in declaring and mappingGünther Deschner1-4/+2
KRB5KRB_ERR_RESPONSE_TOO_BIG when the krb5 library does not know about this. Guenther (This used to be commit 4a1a3c4808307e09fa8ff85da9a963a4a6f0e9ae)
2007-10-10r14051: Add remaining (documented) userAccountControl bits, thanks to LukeGünther Deschner1-2/+2
Howard for pointing this out. Guenther (This used to be commit 170038f4cdfa51ea31b2255a020740d28dfbfba2)
2007-10-10r14050: Add the ACB_PWEXPIRED bit abartlet has found.Günther Deschner1-0/+1
Guenther (This used to be commit 5fa3f26b4c39d612243319fc0729078c50439d6b)
2007-10-10r14049: Found some more MSV1_0 bits and their behaviour;Günther Deschner1-2/+14
just for documentation purpose. Guenther (This used to be commit 0b00424e07f3f9c815664c619e2d7a670a838b93)
2007-10-10r13975: Re-fix Coverity #156 - I had left the hidden arg. inconsistentJeremy Allison1-1/+1
between Realloc and realloc_array. Jeremy. (This used to be commit 841c9b1847ae12656b827e3d35b8bf0c3f68b8b4)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-2/+4
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13878: move PORT_DATA_1 to use static sized UNICODE strings as per MSDNGerald Carter1-5/+11
(This used to be commit c803e1b2afdfc5bd983f046c976c01adebcfa1ad)
2007-10-10r13829: From the "It's not pretty but it works" categoryGerald Carter2-2/+40
* Finish prototype of the "add port command" implementation Format is "addportcommand portname deviceURI" * DeviceURI is either - socket://hostname:port/ - lpr://hostname/queue depending on what the client sent in the request (This used to be commit 6d74de7a676b71e83a3c3714743e6380c04e4425)
2007-10-10r13824: * add api table for Xcv TCPMON and LOCALMON calls startingGerald Carter1-2/+2
with the "MonitorUI" call * Fix some parsing errors This gets us to the Add Port Wizard dialog. (This used to be commit a444aa7f0088fb71ff89df8c280209188b33ec3d)
2007-10-10r13820: * Start fleshing out the XcvDataPort() server implementationGerald Carter2-4/+8
* Add support for the "Local Port" monitor as well through this API (This used to be commit ba9cdd88a0abf90a9c04959e554d7e4f10d17ff7)
2007-10-10r13815: "Into the blind world let us now descend,"Gerald Carter2-1/+28
Began the poet, his face as pale as death. "I will go first, and you will follow me." --- Adding XcvDataPort() to the spoolss code for remotely add ports. The design is to allow an intuitive means of creating a new CUPS print queue from the Windows 2000/XP APW without hacks like specifying the deviceURI in the location field of the printer properties dialog. Also set 'default devmode = yes' as the new default since it causes no harm and only is executed when you have a NULL devmode anyways. (This used to be commit 123e478ce5b5f63a61d00197332b847e83722468)
2007-10-10r13802: I *knew* ASU on sparc had to be good for *something* ! :-).Jeremy Allison1-2/+2
Fix incorrect size understanding of sid name type (yes it's already correct in the Samba4 IDL :-). Jeremy. (This used to be commit 305a774d2880a57d1ebdf2ecf2d7e0b519695a33)
2007-10-10r13733: Reorder so that locking and params declarations are not mingled.James Peach1-17/+18
(This used to be commit cde31d5957ff9a009e111ab3719d20e70a5053b6)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner4-10/+10
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13693: More Solaris/LDAP fixes from Bjoern <bjoern@j3e.de>Volker Lendecke1-0/+6
(This used to be commit 7c098ca0ae4c7e11c7100fb09b42ce716beffb56)
2007-10-10r13690: Check in Björn's LDAP Solaris fix.Volker Lendecke1-0/+4
(This used to be commit d6c6363517513cc66a8933a6e4f95c5ce5cf1cb4)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-2/+3
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13657: Let winbindd try to obtain the gecos field from the msSFU30GecosGünther Deschner1-0/+2
attribute when "winbind nss info = sfu" is set. Fixes #3539. Guenther (This used to be commit ffce0461de130828345c44293e564ca03227607d)
2007-10-10r13625: Now that Heimdal 0.7.2 is released, we reenable our strict checking forGünther Deschner1-2/+1
c++ reserved names. Guenther (This used to be commit e0b50d008728cfc66f6b1eefdadf8a708f4d9500)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter1-1/+3
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)