summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2004-01-08fix a seg fault caused by abartlet's last checkin; there's no way this could ↵Gerald Carter1-1/+1
have been tested against an NT4 DC (This used to be commit 8e8a351cabb502f1a93b219fec064fb4eb094856)
2004-01-08use SAFE_FREE(), not free().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 595dee660742f8bd5770a5f7aaf3a5d1987dbcfa)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett20-158/+298
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08In tdb_allocate(), we would create a new record by writing a local variableAndrew Bartlett1-0/+2
'newrec' into the tdb. This was not initialised, so valgrind warned about it. (Note: valgrind only makes sense on tdbs with 'mmap = no' in your smb.conf) Andrew Bartlett (This used to be commit c9f9d6d3171d720b4ec0ba6af8c0c8ab178cd98b)
2004-01-08Make it clearer that the domain here is the domain of the user forAndrew Bartlett1-5/+5
authentication. Andrew Bartlett (This used to be commit 7e6cc8f0037f9948230a1e1bd380f30cec5d511e)
2004-01-08Move more of winbind to use 'find_our_domain()' rather than the dangerousAndrew Bartlett5-48/+38
find_domain_from_name(lp_workgroup()). (as find_domain_from_name() can change the data in lp_workgroup()) Andrew Bartlett (This used to be commit 2e6eaad9ce6a0ad6923b5952ef6cf1c3688b7cfa)
2004-01-08The correct test for 'is our primary domain' is domain->primaryAndrew Bartlett1-1/+1
(This used to be commit 703f101136b8e9bbc16f57a37cd9d9d739606a84)
2004-01-07Machines are people too!Andrew Bartlett5-36/+25
While machine accounts cannot use an NTLM login (NT4 style), they are otherwise full and valid members of the domain, and expect to be able to use kerberos to connect to CIFS servers. This means that the LocalSystem account, used by various services, can perform things like backups, without the admin needing to enter further passwords. This particular issue (bug 722) has started to come up a lot on the lists. I have only enabled it for winbindd-based systems, as the macros use use to call the 'add user script' will strip the $ from the username for security reasons. Andrew Bartlett (This used to be commit 6a9bbd1da3bb961d24e74348fa0b68574022855f)
2004-01-07Fix for bug #922. Fast path not called for strlower_m() and strupper_m().Jeremy Allison1-2/+2
From ab@samba.org (Alexander Bokovoy). Jeremy. (This used to be commit fac9e6d7125fb9edfade3c92a3cd9e1f2c60cefd)
2004-01-07Typo fix.Rafal Szczesniak1-1/+1
rafal (This used to be commit 5d7f81eea2f3d9ba59eb549a45de030b0a277263)
2004-01-07Doxygen comment fix.Rafal Szczesniak1-2/+5
rafal (This used to be commit b5e492b8eaf7cefe185d44b6c708f96ff61bd27b)
2004-01-07Fix from Justin Baugh <justin.baugh@request.com> for bugid #948 forJeremy Allison1-1/+4
FreeBSD winbindd. Jeremy. (This used to be commit 7c4d52014e4432c9bd430a8885f0c314312002d5)
2004-01-07commiting jra's fix for Exchange clear test authGerald Carter1-1/+2
(This used to be commit 344e113368cb46fc4d26107d1cd276e4c76a6a9b)
2004-01-07Fix from Luke Howard <lukeh@PADL.COM> for incorrect early free().Jeremy Allison1-5/+7
Jeremy. (This used to be commit 8e20c06ed31d9ec10ff0155b1624eee3d60cd006)
2004-01-07Don't duplicate pulling the 'IPC' username from secrets.tdb, insteadAndrew Bartlett2-7/+45
just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
2004-01-07There is a German translation of swat -- surprise :-)Volker Lendecke1-5/+5
Fix some msgs Volker (This used to be commit d42953681731d18aef740cd7dd9919e0f4715645)
2004-01-07Add smbget utility, a simple wget-like utility that uses libsmbclient.Jelmer Vernooij2-1/+581
Supports recursive downloads and resume, progress indication and shows estimated time remaining. (This used to be commit 82bd1b45a4205706b57bae42c7b03974f8b44753)
2004-01-06Fix segfualt caused by incorrect configuration. If lp_realm() was not set,Andrew Bartlett1-5/+9
but security=ADS, we would attempt to free the principal name that krb5 never allocated. Also fix the dump_data() of the session key, now that we use a data_blob to store that. Andrew Bartlett (This used to be commit 4ad67f13404ef0118265ad66d8bdfa256c914ad0)
2004-01-06Patch penguin. Cleaning out old mbp patch.Jeremy Allison1-22/+24
Jeremy. (This used to be commit d75db0bf1eee9c4341a3ec14c05f82b364a202b3)
2004-01-06Fix -s option to smbcontrol (#908)Jelmer Vernooij1-1/+1
(This used to be commit 7495395c1cc3b09b27d6eeb7dff6f214701d03d6)
2004-01-06remove unused seek_file(); don't hardcode '\' when printing the auth-userGerald Carter2-26/+1
(This used to be commit fac5e05ca1b56cb6e3ab6537d0848fa373c00831)
2004-01-06bumping to 3.0.2pre2Gerald Carter1-1/+1
(This used to be commit 52480d6d05c1008a25b4a45cbf7682fe227df83a)
2004-01-06isolate ldap debug messages to the common smbldap_XXX() functionsGerald Carter3-12/+9
(This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a)
2004-01-06XFS quota patch from Stefan Metzmacher <metze@metzemix.de>.Jeremy Allison5-42/+74
Jeremy. (This used to be commit cae5f158e583572436a2f4c20d919816d763f93d)
2004-01-06Correctly detect AFS headers on SuSE in /usr/include/afs/afs/Volker Lendecke1-6/+46
Volker (This used to be commit 50be537b19dc6a4c63a58b9c73e6ad354b7c0d89)
2004-01-06Patch by Stefan Metzmacher <metze@metzemix.de>:Andrew Bartlett1-0/+4
here's a small fix that fixes the new quota system on irix. I need to reanable XFS quotas on irix for the new quota system (Jerry do you want to wait for this for the release ?) But the old system works and is the default on irix! (This used to be commit 5d43e00a49afc4cf523a531ae6db1a3a8b86c650)
2004-01-06Patch based on work from James Peach <jpeach@sgi.com> to convert over toJeremy Allison8-133/+323
using pread/pwrite. Modified a little to ensure fsp->pos is correct. Fix for #889. Jeremy. (This used to be commit 019aaaf0df091c3f67048f591e70d4353a02bb9b)
2004-01-06Ensure that for wbinfo --set-auth-user, we actually use the domain.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 93a5d8079a0291be14517e437f8f0c964c21e91d)
2004-01-05cifs mount helper mergeSteve French1-226/+450
(This used to be commit 865fcdcb85d47eeff854f4df0aba0c0f3452bdd9)
2004-01-05Fix more cases to ensure that as a server, we don't complain to the clientAndrew Bartlett1-3/+1
about our server-side lack of session key. Andrew Bartlett (This used to be commit ba33f1e0d5fe2aed3e378c9c23511c0b4d6f7d14)
2004-01-05Added last missing file.Jeremy Allison1-0/+486
Jeremy. (This used to be commit ffaf9982dcf9e8d8aec1b3edb79ba7c93bfbb9ef)
2004-01-05Oops. Broke the build. Added missing files.Jeremy Allison4-0/+1109
Jeremy. (This used to be commit 52eafc131e26ecc2c4ce8df856c380eb7fd8af69)
2004-01-05Fix from James Flemer <jflemer@uvm.edu> to make HAVE_ATTR_LIST linked toJeremy Allison1-3/+3
HAVE_SYS_ATTRIBUTES_H to fix AIX compile. Jeremy. (This used to be commit 1b1c216122e4dcf40e4ccaea528a7775521fa618)
2004-01-05fix inverted check using krb5_kt_resolve() and HAVE_MEMORY_KEYTAB; bug 912Gerald Carter1-2/+2
(This used to be commit 134cf1d546cc46c8a907205ee7be7593cbb524b6)
2004-01-05Patch from Stefan (metze) Metzmacher <metze at metzemix.de> to revert to ↵Jeremy Allison5-776/+133
2.2.x quota methods. :-). "here's a patch which ports the samba 2.2 samba_linux_quota.h stuff to 3_0. This is needed because of so many broken quota files outthere. Please, test this with old, new kernels (strucr dqblk, struct mem_dqblk, and struct if_dqblk) , quota.user, aquota.user formats what is when a user is over soft quota and over hard quotas..." Jeremy. (This used to be commit 4350aa6ce6cfdaf71cdcfd2aebcdc9560fa7efcf)
2004-01-05Ensure we set "always sign" flag if set. We don't currently do anything withJeremy Allison1-0/+4
this but we should log the fact it was negotiated. Jeremy. (This used to be commit 84d34e32be03ec99ce19520f24bb4daaeeddbbc3)
2004-01-05Fix warningVolker Lendecke1-1/+1
Volker (This used to be commit 541e6998a06ac523ad794b10f4e7a46951a06726)
2004-01-05Don't free the encrypted_session_key early - that causes the subsequentAndrew Bartlett1-1/+1
test for a valid length to fail... This should fix 'security=server' and hosts-equiv failures picked up by the build farm. Andrew Bartlett (This used to be commit 39311495de3bd0a902f730967f30176db97be05a)
2004-01-05shorten some more lines.Andrew Bartlett1-7/+14
(This used to be commit 7e5855dfd27ed9ec1fa924986f1ba02632a0d5a0)
2004-01-05Try to keep vl happy - shorten some of these lines.Andrew Bartlett1-6/+12
(This used to be commit 3a4c56e4c60854bbd291adc7d321d3869e6dedab)
2004-01-05Grumble... grumble... fix the build...Andrew Bartlett1-5/+7
(This used to be commit 687aececa66c2c1ba8e5bc3127d8ca79a97436d1)
2004-01-05Show the sid type in name->sid translatons in a way that can be easilyAndrew Bartlett1-1/+1
understood by humans. Andrew Bartlett (This used to be commit 3d91b0a0060f18d49b2fdd9f93ef310e2ea7779d)
2004-01-05Always call the auto-init funciton - this avoids tdb segfaulting underAndrew Bartlett1-0/+6
us if we failed to open it earlier. Andrew Bartlett (This used to be commit 379368b0bec1f57cc5302b274362ce2f1df0fd9d)
2004-01-05Correctly handle per-pipe NTLMSSP inside a NULL session. Previously weAndrew Bartlett2-7/+20
would attempt to supply a password to the 'inside' NTLMSSP, which the remote side naturally rejected. Andrew Bartlett (This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4)
2004-01-05Change our Domain controller lookup routines to more carefully seperateAndrew Bartlett9-121/+144
DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6)
2004-01-05Add const.Andrew Bartlett1-3/+3
(This used to be commit aacb817e89d17349003159e1b7c28546babc8559)
2004-01-05There is some memory corruption hidden somewhere in our winbind code. If IAndrew Bartlett1-4/+8
could reproduce it, I would fix it, but for now just make sure we always SAFE_FREE() and set our starting pointers to NULL. Andrew Bartlett (This used to be commit c279e178bc122e1e2aa519f7a373a3d93672a3ac)
2004-01-05Change (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.Andrew Bartlett1-1/+1
(This used to be commit 6e5b084c20b59a86e86445bf6d101cada45da602)
2004-01-05rpc_client/cli_lsarpc.c:Andrew Bartlett8-104/+102
rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Cleanup function for use nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)
2004-01-05Fix for bug 707, getent group for huge ads groups (>1500 members)Andrew Bartlett2-30/+202
This introduces range retrieval of ADS attributes. VL rewrote most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. I rewrote that patch, to ensure that we can keep an eye on the USN (sequence number) of the entry - this allows us to ensure the read was atomic. In particular, the range retrieval is now generic, for strings. It could easily be made generic for any attribute type, if need be. Andrew Bartlett (This used to be commit 131bb928f19c7b1f582c4ad9ac42e5f3d9dfb622)