Jeremy Allison [Sat, 2 Aug 2003 07:07:38 +0000 (07:07 +0000)]
More fixes for client and server side signing. Ensure sequence numbers
are updated correctly on returning an error for server trans streams.
Ensure we turn off client trans streams on error.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 03:12:39 +0000 (03:12 +0000)]
Leave the packet sequence checkers enabled whilst I track down a smbclient -> smbd
sequence number problem.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 03:06:07 +0000 (03:06 +0000)]
Add the same signing code to the server. Ensure we use identical session
numbers and MIDs when in trans/trans2/nttrans code.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 00:29:45 +0000 (00:29 +0000)]
Correct fix (removed the earlier band-aid) for what I thought was a signing
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call
the MID and send_sequence_number and reply_sequence_number must remain constant.
This was something we got very wrong in earlier versions of Samba. I can now
get a directory listing from WINNT\SYSTEM32 with the older earlier parameters
for clilist.c
This still needs to be fixed for the server side of Samba, client appears to
be working happily now (I'm doing a signed smbtar download of an entire W2K3
image to test this :-).
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 21:09:10 +0000 (21:09 +0000)]
Fix the option processing for smbtar. Does no one check this !
Jeremy.
Herb Lewis [Fri, 1 Aug 2003 19:45:12 +0000 (19:45 +0000)]
add tests for IRIX attr functions
Jim McDonough [Fri, 1 Aug 2003 15:30:44 +0000 (15:30 +0000)]
Update my copyrights according to my agreement with IBM
Jim McDonough [Fri, 1 Aug 2003 15:21:20 +0000 (15:21 +0000)]
Update my copyrights according to my agreement with IBM
Jim McDonough [Fri, 1 Aug 2003 14:47:39 +0000 (14:47 +0000)]
Fix copyright statements for various pieces of Anthony Liguori's work.
Gerald Carter [Fri, 1 Aug 2003 13:28:13 +0000 (13:28 +0000)]
fix cut-n-paste error found by abartlet
Volker Lendecke [Fri, 1 Aug 2003 07:59:23 +0000 (07:59 +0000)]
Add ntlmssp client support to ntlm_auth. Find the corresponding cyrus sasl
module under http://samba.sernet.de/cyrus-gss-spnego.diff
Volker
Volker Lendecke [Fri, 1 Aug 2003 07:46:42 +0000 (07:46 +0000)]
Fix a memory leak. I did not check all the calls to winbindd_request, but
we might leak the extra_data somewhere else as well.
Volker
Volker Lendecke [Fri, 1 Aug 2003 07:45:02 +0000 (07:45 +0000)]
locking.c now refers to map_nt_error_from_unix, so link it in with
smbstatus and smbcontrol
Volker
Jeremy Allison [Fri, 1 Aug 2003 06:29:16 +0000 (06:29 +0000)]
Finish reformatting.
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 06:10:30 +0000 (06:10 +0000)]
Final fix for the bug tridge found. Only push locks onto a blocking lock
queue if the posix lock failed with EACCES or EAGAIN (this means another
lock conflicts). Else return an error and don't queue the request.
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 01:03:05 +0000 (01:03 +0000)]
Reformat lots of clitar code as I hate the style so much :-).
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 00:41:57 +0000 (00:41 +0000)]
Reformat clitar option processing - getting ready to fix it for popt...
Jeremy.
Andrew Tridgell [Thu, 31 Jul 2003 23:22:21 +0000 (23:22 +0000)]
CVAL_NC() doesn't need the (unsigned) fix and breaks the IRIX build
Thanks to Herb for pointing this out!
Jeremy Allison [Thu, 31 Jul 2003 21:47:22 +0000 (21:47 +0000)]
Added a note inspired by andrew@cis.uoguelph.ca to explain when this
parameter gets run.
Jeremy.
Gerald Carter [Thu, 31 Jul 2003 19:01:22 +0000 (19:01 +0000)]
only honor the first OID in the sessetup snego negotiate. Deviates
from RFC but I'm smelling a client bug here.
/* only look at the first OID for determining the mechToken --
according to RFC2478, we should choose the one we want
and renegotiate, but i smell a client bug here..
Problem observed when connecting to a member (samba box)
of an AD domain as a user in a Samba domain. Samba member
server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
NTLMSSP mechtoken. --jerry */
Alexander Bokovoy [Thu, 31 Jul 2003 17:08:38 +0000 (17:08 +0000)]
Return proper error when it is impossible to change quota flags
Volker Lendecke [Thu, 31 Jul 2003 15:53:59 +0000 (15:53 +0000)]
Fix off-by-one found by valgrind.
Volker
Volker Lendecke [Thu, 31 Jul 2003 15:53:26 +0000 (15:53 +0000)]
spnego.c has function definitions. Prototype them.
Anybody familiar with Makefile.in could you please look at this?
This is probably the wrong way to fix this.
Volker
Volker Lendecke [Thu, 31 Jul 2003 10:24:10 +0000 (10:24 +0000)]
Fixes for memory leaks in gss spnego handling by aliguori.
Volker
Volker Lendecke [Thu, 31 Jul 2003 10:23:13 +0000 (10:23 +0000)]
This fixes an error I must have made when playing with spnego.c found
by aliguori: NegTokenInit.mechListMIC is an Octet String.
Second: add a free_spnego_data function.
Both thanks to aliguori.
Volker
Volker Lendecke [Thu, 31 Jul 2003 10:21:13 +0000 (10:21 +0000)]
Apply some const
Gerald Carter [Thu, 31 Jul 2003 06:37:37 +0000 (06:37 +0000)]
make sure the domain sid is set when enumerating trusted domains
(we don't always get it back)
Gerald Carter [Thu, 31 Jul 2003 05:43:47 +0000 (05:43 +0000)]
working on transitive trusts issue:
* use DsEnumerateDomainTrusts() instead of LDAP search.
wbinfo -m now lists all trusted downlevel domains and
all domains in the forest.
Things to do:
o Look at Krb5 connection trusted domains
o make sure to initialize the trusted domain cache as soon
as possible
Tim Potter [Thu, 31 Jul 2003 04:28:43 +0000 (04:28 +0000)]
Whoops - this is probably better shell syntax.
Tim Potter [Thu, 31 Jul 2003 04:27:41 +0000 (04:27 +0000)]
Turn on automatic winbindd support for FreeBSD and see what the compile farm
thinks of it.
Andrew Tridgell [Thu, 31 Jul 2003 04:01:32 +0000 (04:01 +0000)]
This is a critical bug fix for a data corruption bug. If you
maintain another tree then please apply!
On non-X86 machines our byte-order macros fail for one particular
value. If you asked for IVAL() of 0xFFFFFFFF and assigned it to a 64
bit quantity then you got a 63 bit number 0x7FFFFFFFFFFFFFFF rather
than the expected 0xFFFFFFFF. This is due to some rather bizarre and
obscure sign extension rules to do with unsigned chars and arithmetic
operators (basically if you | together two unsigned chars you get a
signed result!)
This affected a byte range lock using the large lockingX format and a
lock of offset 0 and length 0xFFFFFFFF. Microsoft Excel does one of
these locks when opening a .csv file. If the platform you run on does
not then handle locks of length 0x7FFFFFFFFFFFFFFF then the posix lock
fails and the client is given a lockingX failure. This causes the .csv
file to be truncated!!
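An added illustration of the sign-extension effect described in the commit message above (not code from the Samba tree): a byte-wise 32-bit read whose result type is `int` widens 0xFFFFFFFF to a 64-bit value with the high bits set, while an unsigned result type keeps it at 0xFFFFFFFF. The function names, the constructed byte buffer and the clamp to the signed 64-bit maximum are assumptions made for this sketch, which also assumes a 32-bit two's-complement `int`.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed input: low 32 bits of a lock length of 0xFFFFFFFF, little-endian. */
static const unsigned char LOCK_LEN_LOW[4] = { 0xFF, 0xFF, 0xFF, 0xFF };

/* Returns 1 if OR-ing two unsigned chars has type int (integer promotion). */
static int or_of_uchars_is_int(void)
{
    unsigned char a = 0xFF, b = 0xFF;
    return _Generic(a | b, int: 1, default: 0);
}

/* Assemble four little-endian bytes using unsigned arithmetic only. */
static uint32_t le32(const unsigned char *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Hypothetical model of a byte-order macro whose result type is int,
 * which is what OR-ing promoted unsigned chars produces. */
static int ival_signed(const unsigned char *b) { return (int)le32(b); }

/* The same read with an unsigned result type. */
static uint32_t ival_unsigned(const unsigned char *b) { return le32(b); }

/* Widening to 64 bits: the int path sign-extends, the unsigned path does not. */
static uint64_t widen_signed(const unsigned char *b)
{
    return (uint64_t)ival_signed(b);
}

static uint64_t widen_unsigned(const unsigned char *b)
{
    return (uint64_t)ival_unsigned(b);
}

/* Assumption: a later layer limits lengths to the largest signed 64-bit value. */
static uint64_t clamp_to_signed_max(uint64_t len)
{
    return len > (uint64_t)INT64_MAX ? (uint64_t)INT64_MAX : len;
}

int main(void)
{
    printf("uchar | uchar is int: %d\n", or_of_uchars_is_int());
    printf("int-typed read:       %d\n", ival_signed(LOCK_LEN_LOW));
    printf("widened (signed):     0x%llx\n",
           (unsigned long long)widen_signed(LOCK_LEN_LOW));
    printf("after clamp:          0x%llx\n",
           (unsigned long long)clamp_to_signed_max(widen_signed(LOCK_LEN_LOW)));
    printf("widened (unsigned):   0x%llx\n",
           (unsigned long long)widen_unsigned(LOCK_LEN_LOW));
    return 0;
}
```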
Jeremy Allison [Thu, 31 Jul 2003 01:33:44 +0000 (01:33 +0000)]
Wrap calls to change_oem_password() in become_root()/unbecome_root() pairs
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
Jeremy Allison [Thu, 31 Jul 2003 00:30:01 +0000 (00:30 +0000)]
Turn the 'doing_signing' variable on - fix bug where it was only being set
on when signing was mandatory.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 23:49:29 +0000 (23:49 +0000)]
Add a command line option (-S on|off|required) to enable signing on client
connections. Overrides smb.conf parameter if set.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 23:33:56 +0000 (23:33 +0000)]
Save us from possibly uninitialised variable (caught by gcc).
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 19:00:52 +0000 (19:00 +0000)]
Fix bug we discovered in W2K client signing on secondary trans2 packets.
Use W2K parameters. tpot please re-test smbclient with your problem
directory.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 18:57:37 +0000 (18:57 +0000)]
Eliminate valgrind error when client gets bad sig on list. Some reformatting.
Jeremy.
Gerald Carter [Wed, 30 Jul 2003 17:37:46 +0000 (17:37 +0000)]
add a few more tidy ups. Now onto winbindd
Gerald Carter [Wed, 30 Jul 2003 17:29:00 +0000 (17:29 +0000)]
add support for DsEnumerateDomainTrusted for enumerating all the
trusted domains in a forest.
Jeremy Allison [Wed, 30 Jul 2003 16:34:14 +0000 (16:34 +0000)]
Don't revert something until you've seen if volker has already fixed it :-).
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 15:30:36 +0000 (15:30 +0000)]
Comment out mutex until I get dependencies sorted out...
Jeremy
Volker Lendecke [Wed, 30 Jul 2003 08:05:34 +0000 (08:05 +0000)]
bin/net needs server_mutex as kerberos_verify now uses it.
Volker
Jeremy Allison [Tue, 29 Jul 2003 21:32:36 +0000 (21:32 +0000)]
Put mutex around access of replay cache for krb5 tickets. krb5 replay cache
is not multi-process safe.
Jeremy.
Herb Lewis [Tue, 29 Jul 2003 20:11:18 +0000 (20:11 +0000)]
split replace into replace and replace1 to allow setenv to be used by
nsswitch modules. Add required libraries to get rid of undefined
functions for libns_winbind.so and libns_wins.so
Jeremy Allison [Tue, 29 Jul 2003 19:16:59 +0000 (19:16 +0000)]
Fix bug #226. Stop unmangle of name into a wildcard name from deleting more
than was intended.
Jeremy.
Alexander Bokovoy [Tue, 29 Jul 2003 18:07:13 +0000 (18:07 +0000)]
Add NT quotas support. Users are now allowed to manage quotas on systems with sysquotas interface detected (Linux at least) using native Windows tools. Also move default quota support for NT quotas to VFS module default_quota. Code by Metze
Jeremy Allison [Tue, 29 Jul 2003 17:34:20 +0000 (17:34 +0000)]
Finish tridge's patch as referenced here :
make sure we don't allow the creation of directories containing
wildcard characters. I've only put this in mkdir at the moment, but I
suspect this will apply to all places that can create new filenames.
We need to allow the opening of existing filenames that contain
wildcards, but not allow the creation of new ones.
Jeremy.
Jeremy Allison [Tue, 29 Jul 2003 17:03:51 +0000 (17:03 +0000)]
Typo on my part. I typed KRB5_KDB_BAD_ENCTYPE when I meant to type KRB5_BAD_ENCTYPE.
Heimdal has the latter, not the former.
Jeremy.
Jim McDonough [Tue, 29 Jul 2003 16:34:31 +0000 (16:34 +0000)]
Fix the build on Heimdal. KRB5_KDB_BAD_ENCTYPE doesn't exist on Heimdal, and
it's a different rc than KRB5_BAD_ENCTYPE (which exists on both MIT and
Heimdal). This will just make the debug show up at level 3 always.
Jeremy, you may want to revisit this, but it's probably not worth the hassle.
Volker Lendecke [Tue, 29 Jul 2003 15:00:38 +0000 (15:00 +0000)]
This adds gss-spnego to ntlm_auth. It contains some new spnego support
from Jim McDonough. It is to enable cyrus sasl to provide the
gss-spnego support. For a preliminary patch to cyrus sasl see
http://samba.sernet.de/cyrus-gss-spnego.diff
Volker
Tim Potter [Tue, 29 Jul 2003 02:34:18 +0000 (02:34 +0000)]
Typo fix for bug 258.
Jeremy Allison [Tue, 29 Jul 2003 00:31:44 +0000 (00:31 +0000)]
Improved debug messages whilst trying to track down kerb issues.
Jeremy.
Tim Potter [Tue, 29 Jul 2003 00:15:23 +0000 (00:15 +0000)]
More memory leak fixes from Brett! It turns out PyDict_SetItemString
didn't behave exactly as I thought it did. If you create an item using a
PyFoo_FromBar function you must decrement the reference to that object
afterwards (or use Py_BuildValue).
Tim Potter [Tue, 29 Jul 2003 00:08:05 +0000 (00:08 +0000)]
Memory leak fixes from Brett A. Funderburg - don't use the connection talloc
context for data that is only needed on a per-call basis.
Tim Potter [Tue, 29 Jul 2003 00:05:17 +0000 (00:05 +0000)]
Add debug output api's from lsa/spoolss modules to smb module. Patch
from Brett A. Funderburg.
John Terpstra [Mon, 28 Jul 2003 05:49:51 +0000 (05:49 +0000)]
Corrected description of SWAT FLAGS since they have changed as a result of the
cleanup of loadparm and swat.c
John Terpstra [Mon, 28 Jul 2003 05:47:15 +0000 (05:47 +0000)]
Cleanup of loadparm and swat to correctly display all parameters as required.
No change to what is displayed has been made at this time. I do intend to
change the display order before 3.0.0 ships.
John Terpstra [Sun, 27 Jul 2003 19:49:23 +0000 (19:49 +0000)]
Add buttons to Printers View
John Terpstra [Sun, 27 Jul 2003 17:24:24 +0000 (17:24 +0000)]
Clarified what the SWAT FLAGS mean and what they do.
Note: The comments in this file regarding the FLAGS have been in need of
maintenance for some time.
Andrew Bartlett [Sun, 27 Jul 2003 10:25:44 +0000 (10:25 +0000)]
Fix comment
Andrew Bartlett [Sun, 27 Jul 2003 03:43:41 +0000 (03:43 +0000)]
the testsuite lib needs dummyroot too.
John Terpstra [Sun, 27 Jul 2003 03:43:40 +0000 (03:43 +0000)]
Fix typo.
Andrew Bartlett [Sun, 27 Jul 2003 03:42:10 +0000 (03:42 +0000)]
Use the specified workgroup in 'net ads'. (Defaults to lp_workgroup()).
Andrew Bartlett
Andrew Bartlett [Sun, 27 Jul 2003 03:40:45 +0000 (03:40 +0000)]
Allow the stat cache to better handle invalid multibyte strings, by using
strdup_upper(). This function may fail - and we can just drop out of using
the cache in that case. (Rather than panicking).
This also should get us closer to supporting all of the weird 'longer/shorter'
on uppercase/lowercase.
Andrew Bartlett
Andrew Bartlett [Sun, 27 Jul 2003 03:29:40 +0000 (03:29 +0000)]
Try again to fix up 'session request' name exchange. This time we actually
get the names...
Andrew Bartlett
Andrew Bartlett [Sun, 27 Jul 2003 02:43:22 +0000 (02:43 +0000)]
If we strupper_m after the alpha_strcpy() we know that it is less likely
to contain multibyte characters, as these should have been stripped.
Andrew Bartlett
Andrew Bartlett [Sun, 27 Jul 2003 02:42:22 +0000 (02:42 +0000)]
When removing an 'unused' function, it helps to remove the 'unused' callers...
Andrew Bartlett
Andrew Bartlett [Sun, 27 Jul 2003 02:40:06 +0000 (02:40 +0000)]
Use push_ucs2_allocate(), rather than convert_string_allocate() directly.
Remove strdup_upper/strdup_lower from their old file, now that they have
been moved to charcnv.c
Note that string_replace assumes that s is a pstring. (doco change only)
Andrew Bartlett
Andrew Bartlett [Sun, 27 Jul 2003 02:28:25 +0000 (02:28 +0000)]
Some small fixes to our charset conversion code:
- Treat the NMB names in the 'session request' packet as 'ASCII'. This means
that we do not get invalid multibyte from the wire, even if we truncate
in the conversion. (Otherwise we panic when we try to strupper_m it).
- Remove acnv_uxu2(), as it was duplicated by push_ucs2_allocate()
- Remove acnv_dosu2(), as it is not used.
- In push_ucs2(), with the STR_UPPER flag, do the case conversion *after*
the UCS2 conversion, when we know that the length can't change. Also
faster, as we don't need to do another 2 UCS2 conversions.
Andrew Bartlett
John Terpstra [Sun, 27 Jul 2003 01:16:24 +0000 (01:16 +0000)]
Adding idmap backend man page section.
Jeremy Allison [Sun, 27 Jul 2003 00:20:45 +0000 (00:20 +0000)]
Ensure all code paths set add_script.
Jeremy.
John Terpstra [Sat, 26 Jul 2003 17:46:47 +0000 (17:46 +0000)]
Format tidy up.
John Terpstra [Sat, 26 Jul 2003 17:09:54 +0000 (17:09 +0000)]
Fixes bug #243
John Terpstra [Sat, 26 Jul 2003 16:56:38 +0000 (16:56 +0000)]
Added buttons to change view mode. Fixes bug #212
Gerald Carter [Sat, 26 Jul 2003 15:50:00 +0000 (15:50 +0000)]
remove unnecessary $; spotted by Lee Taylor
Gerald Carter [Sat, 26 Jul 2003 12:01:35 +0000 (12:01 +0000)]
fix typo in debug
John Terpstra [Sat, 26 Jul 2003 01:57:16 +0000 (01:57 +0000)]
Updating missing flags.
Jeremy Allison [Sat, 26 Jul 2003 01:21:06 +0000 (01:21 +0000)]
Correctly detect an "add user script" - check that *lp_adduser_script() != '\0',
not lp_adduser_script() != NULL.
Jeremy.
Jeremy Allison [Fri, 25 Jul 2003 23:43:22 +0000 (23:43 +0000)]
Start the packet signing engine in the kerberos case in the same place
as the ntlmssp case.
Jeremy.
Jeremy Allison [Fri, 25 Jul 2003 23:15:30 +0000 (23:15 +0000)]
W00t! Client smb signing is now working correctly with krb5 and w2k server.
Server code *should* also work (I'll check shortly). May be the odd memory
leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup
code (b) we need to ask for a subkey... (c). The client and server need to
ask for local and remote subkeys respectively.
Thanks to Paul Nelson @ Thursby for some sage advice on this :-).
Jeremy.
Gerald Carter [Fri, 25 Jul 2003 19:57:26 +0000 (19:57 +0000)]
Fix bug #184; set max_pw_age in account_pol to -1 so the default is never to expire
Gerald Carter [Fri, 25 Jul 2003 18:00:57 +0000 (18:00 +0000)]
domain in schannel bind credentials must be the dest domain, not ours
Gerald Carter [Fri, 25 Jul 2003 16:42:34 +0000 (16:42 +0000)]
fix case where no realm or workgroup means to use our own
Gerald Carter [Fri, 25 Jul 2003 16:03:46 +0000 (16:03 +0000)]
fix user_in_list to work with winbind groups again; my bug
Gerald Carter [Fri, 25 Jul 2003 14:35:17 +0000 (14:35 +0000)]
fix some error returns and strings; patch from metze
Tim Potter [Fri, 25 Jul 2003 04:24:40 +0000 (04:24 +0000)]
More printf portability fixes. Got caught out by some gcc'isms last
time. )-:
Gerald Carter [Fri, 25 Jul 2003 03:48:56 +0000 (03:48 +0000)]
new swat icons from Marc Jacobsen @ HP
Gerald Carter [Fri, 25 Jul 2003 03:26:03 +0000 (03:26 +0000)]
call chkconfig --del winbind on removal (bug #238)
Gerald Carter [Fri, 25 Jul 2003 02:38:23 +0000 (02:38 +0000)]
fix libsmbclientr symlink (patch by Alex Duggan for bug #247)
Gerald Carter [Fri, 25 Jul 2003 02:24:47 +0000 (02:24 +0000)]
fix bug config file path in winbind init script (bug #237)
Andrew Bartlett [Fri, 25 Jul 2003 01:26:19 +0000 (01:26 +0000)]
Schannel, once setup, may be used on *ANY* TCP/IP connection until the
connection that set it up has been shut down.
(Also, pipes still connected, and reconnections to the same pipe (eg SAMR)
may continue to use that session key until their TCP/IP connection is shut
down)
Allow further testing by printing out the session key, and allowing its input
into rpcclient.
Next step is automatic storage in a TDB.
Andrew Bartlett
Tim Potter [Fri, 25 Jul 2003 01:18:10 +0000 (01:18 +0000)]
Make wbinfo -p work again. Fixes bug 251.
Tim Potter [Fri, 25 Jul 2003 00:39:06 +0000 (00:39 +0000)]
Jean-Baptiste Marchand on the ethereal list used some auditing tricks to
discover names for the SAMR specific permissions that were previously unknown.
The existing constant names differ from what win2k calls them but since they
aren't heavily used in Samba at the moment I'll leave them as they are.
Jean-Baptiste's data is at:
http://ethereal.ntop.org/lists/ethereal-dev/200307/msg00314.html
Tim Potter [Thu, 24 Jul 2003 23:46:27 +0000 (23:46 +0000)]
More printf fixes - size_t is long on some architectures.
Jeremy Allison [Thu, 24 Jul 2003 19:10:52 +0000 (19:10 +0000)]
Fix from matt.zinkevicius@hp.com to stop files being created on read-only
shares in some circumstances.
Jeremy.
Jeremy Allison [Thu, 24 Jul 2003 19:05:32 +0000 (19:05 +0000)]
Fix packet signing with asynchronous oplock breaks. Removed bad error message
due to w2k bug. I think this code is now working.... Need more testing of course
but works on all the obvious cases I can think of.
Jeremy.
Alexander Bokovoy [Thu, 24 Jul 2003 14:23:54 +0000 (14:23 +0000)]
Add a macro to check whether module-specific data is already set or not. Returns True or False. Should support further encapsulation of VFS-specific structs
Alexander Bokovoy [Thu, 24 Jul 2003 11:37:11 +0000 (11:37 +0000)]
Raise debug level to 5 for not-found-nt-quota message (quota setting for user wasn't found)
Jeremy Allison [Thu, 24 Jul 2003 07:02:55 +0000 (07:02 +0000)]
Some fclose -> x_fclose found by Tony Jago.
Jeremy.
Jeremy Allison [Thu, 24 Jul 2003 06:56:56 +0000 (06:56 +0000)]
Ensure everywhere we defer an incoming SMB request (blocking lock queue,
in oplock break state, change notify queue) we also push the MID onto
the deferred signing queue. Tomorrow I will test this with valgrind and
oplock tests.
Jeremy.