cvs2svn Import User [Thu, 26 Sep 2002 19:45:30 +0000 (19:45 +0000)]
This commit was manufactured by cvs2svn to create tag
'release-3-0alpha20'.
Samba Release Account [Thu, 26 Sep 2002 19:45:29 +0000 (19:45 +0000)]
preparing for release of 3.0alpha20
Gerald Carter [Thu, 26 Sep 2002 18:57:58 +0000 (18:57 +0000)]
sync with SAMBA_3_0
Jelmer Vernooij [Thu, 26 Sep 2002 15:20:11 +0000 (15:20 +0000)]
Fix segfault in sam_context_enum_domains - reported by Kai
Jelmer Vernooij [Thu, 26 Sep 2002 15:11:47 +0000 (15:11 +0000)]
Don't define PASS_MUST_CHANGE_AT_NEXT_LOGON twice..
Jelmer Vernooij [Thu, 26 Sep 2002 15:03:26 +0000 (15:03 +0000)]
Change pdb_xml functions to return NTSTATUS
Jelmer Vernooij [Thu, 26 Sep 2002 14:52:54 +0000 (14:52 +0000)]
Change pdb_mysql function to return NTSTATUS
Jelmer Vernooij [Thu, 26 Sep 2002 14:29:09 +0000 (14:29 +0000)]
Make functions return NTSTATUS instead of BOOL
Volker Lendecke [Thu, 26 Sep 2002 14:01:39 +0000 (14:01 +0000)]
Add -r parameter to smbgroupedit. With -r you can manually choose
a rid.
Volker
Andrew Bartlett [Thu, 26 Sep 2002 13:31:49 +0000 (13:31 +0000)]
Patch from "Kai Krueger" <kai@kruegernetz.de> to get some more of our access
control bits right on the SAMR pipe.
Andrew Bartlett
Simo Sorce [Thu, 26 Sep 2002 10:31:51 +0000 (10:31 +0000)]
forgot include file, sorry
Andrew Bartlett [Thu, 26 Sep 2002 10:25:34 +0000 (10:25 +0000)]
Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> to do a *much*
better job of working with usrmgr. Previously we were blanking out entires,
and all sort of mischif.
The new patch (which I've now had a chance to test/modify) also takes care not
to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store
\\server\user back) and to correctly notice 'not set' compared to 'null string'
etc.
Andrew Bartlett
Simo Sorce [Thu, 26 Sep 2002 09:50:53 +0000 (09:50 +0000)]
move all the passdb internal interface to NTSTATUS
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
Jelmer Vernooij [Wed, 25 Sep 2002 19:33:04 +0000 (19:33 +0000)]
notify user when no {domains,accounts} were found
Jelmer Vernooij [Wed, 25 Sep 2002 17:10:58 +0000 (17:10 +0000)]
Add samtest command 'enum_accounts' + few typo fixes in sam/interface.c
Jelmer Vernooij [Wed, 25 Sep 2002 15:54:40 +0000 (15:54 +0000)]
add samtest commands:
- show_domain
- context
Gerald Carter [Wed, 25 Sep 2002 15:46:49 +0000 (15:46 +0000)]
fix getpass replacement check (i thought I fixed this a few days
ago....)
Andrew Bartlett [Wed, 25 Sep 2002 14:18:11 +0000 (14:18 +0000)]
Make it clear what this if statement applies to, and what it doesn't
Jelmer Vernooij [Wed, 25 Sep 2002 12:59:47 +0000 (12:59 +0000)]
remove extern for AllowDebugChange since we don't use it
Andrew Bartlett [Wed, 25 Sep 2002 12:32:17 +0000 (12:32 +0000)]
Fix the circular dependency that was preventing 'domain master = auto' (the
default) from working.
Andrew Bartlett
Andrew Bartlett [Wed, 25 Sep 2002 12:09:56 +0000 (12:09 +0000)]
Metze claims that without this his win2k server gets horribly confused looking
for all sorts of AD things in lp_realm(). We need to get some non-Win2k
NTLMSSP and chase this up a bit, but this will do for now.
(Hmm, this might affect NTLMv2 as well)
Andrew Bartlett
Andrew Bartlett [Wed, 25 Sep 2002 12:02:57 +0000 (12:02 +0000)]
Whenever we deal with adding machine/trusted domain accounts, always reset the
flag to what we expect. This handles the 'upgrade' from unixsam beter (where
all $ terminated accounts are machines).
Andrew Bartlett
Jelmer Vernooij [Wed, 25 Sep 2002 11:42:30 +0000 (11:42 +0000)]
Don't crash when a backend doesn't have a setsampwent function available - bug reported by metze
Andrew Bartlett [Wed, 25 Sep 2002 11:34:31 +0000 (11:34 +0000)]
This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans up
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
Jelmer Vernooij [Wed, 25 Sep 2002 11:19:48 +0000 (11:19 +0000)]
Fix debuglevel command-line argument
Jelmer Vernooij [Wed, 25 Sep 2002 11:08:16 +0000 (11:08 +0000)]
Compile samtest with LIBADS_OBJ and PASSDB_OBJ...
Jelmer Vernooij [Wed, 25 Sep 2002 10:17:08 +0000 (10:17 +0000)]
samtest should load smb.conf by default
add command-line option to samtest to specify alternate config file - use /dev/null
to don't load any config file..
add 'conf' command to load specified config file
Andrew Bartlett [Wed, 25 Sep 2002 09:56:36 +0000 (09:56 +0000)]
At least try to get this function picked up by the autoprototyper
Andrew Bartlett [Wed, 25 Sep 2002 09:55:41 +0000 (09:55 +0000)]
Kill of Get_Pwnam_Modify and smb_getpwnam(). The latter assumes some things
that just don't apply any more - now that we always keep username and domain
seperate. Also, the policy it was trying to permit is now implemented by the
auth code.
Andrew Bartlett
Andrew Bartlett [Wed, 25 Sep 2002 09:40:45 +0000 (09:40 +0000)]
Another patch from metze, towards his work on sam_ads.
See mx-ldap.sf.net for his current progress.
Andrew Bartlett [Wed, 25 Sep 2002 09:38:27 +0000 (09:38 +0000)]
Header files should not include includes.h - therein lies maddness, particuarly
if we ever want to get rid of the magic macros.
Andrew Bartlett [Wed, 25 Sep 2002 09:37:18 +0000 (09:37 +0000)]
Actually pick up the kerberos libs in RedHat - the previous shell construct
didn't seem to work properly.
Andrew Bartlett
Andrew Bartlett [Wed, 25 Sep 2002 09:35:45 +0000 (09:35 +0000)]
If adding a user to ldap, make sure we have the 'account' structural class, or
else we can't add to OpenLDAP 2.1
Andrew Bartlett [Wed, 25 Sep 2002 09:34:43 +0000 (09:34 +0000)]
Move to common user token debugging, and ensure we always print both the
NT_TOKEN and the unix credentials - as we incresingly use the NT stuff we want
to make it easy to check they don't get out of wack.
Andrew Bartlett
Andrew Bartlett [Wed, 25 Sep 2002 09:32:08 +0000 (09:32 +0000)]
Avoid a segfault in net join when you have not done an kinit, and it's falling
back to NTLMSSP. We need to get the password out of the user, and this
eventually does.
Andrew Bartlett
Tim Potter [Wed, 25 Sep 2002 06:25:02 +0000 (06:25 +0000)]
The security descriptor in a PRINTER_INFO_2 could be NULL. (Bong?)
Jeremy Allison [Wed, 25 Sep 2002 05:11:25 +0000 (05:11 +0000)]
Merge of "profile acls" code.
Jeremy.
Gerald Carter [Wed, 25 Sep 2002 05:01:51 +0000 (05:01 +0000)]
merge from APP_HEAD
Jeremy Allison [Tue, 24 Sep 2002 22:57:51 +0000 (22:57 +0000)]
Hold lock on NEXTJOB record for a very short time. Jerry needs to add code
to make this rebust w.r.t. stored devicemodes.
Jeremy.
Jeremy Allison [Tue, 24 Sep 2002 22:56:59 +0000 (22:56 +0000)]
Moved -ve cache check to correct place.
Jeremy.
Jelmer Vernooij [Tue, 24 Sep 2002 21:29:33 +0000 (21:29 +0000)]
enum_domains shouldn't crash when there are no domains available
Jelmer Vernooij [Tue, 24 Sep 2002 21:18:22 +0000 (21:18 +0000)]
Fix bug in get_methods_by_name
Fix bug in enum_domains
Add samtest commands:
- lookup_sid
- lookup_name
- enum_domains
- lookup_domain
Jelmer Vernooij [Tue, 24 Sep 2002 20:18:39 +0000 (20:18 +0000)]
- Don't put pointer to sam_domain_handle in sam_methods but single domainsid and domainname
- Allocate sam_methods, set domain_sid, domain_name and backend_name in make_sam_methods_backend_entry instead of in the backend
- Remove sam_context and domain_sid pointers from the sam_init_function - we don't need those arguments anymore since they're
available in sam_methods as well
Volker Lendecke [Tue, 24 Sep 2002 06:50:11 +0000 (06:50 +0000)]
This is a first working version of net rpc vampire. First do a net rpc
getsid, then join as a BDC, and then watch net rpc vampire suck out
the good stuff out of a PDC :-). It's not perfect, but it does quite a
bit for me. Watch out for more.
Volker
Richard Sharpe [Tue, 24 Sep 2002 06:44:37 +0000 (06:44 +0000)]
Make sure that Alfred Perlstein's changes get into head as smbprint and
that the old one becomes smbprint.old.
We still need to hack smbprint some more to make sure that we can pass
the username and password in a file rather than on the command line where
local hackers can see it.
John Terpstra [Tue, 24 Sep 2002 01:59:08 +0000 (01:59 +0000)]
Typos! Fix 'em!
John Terpstra [Tue, 24 Sep 2002 01:37:05 +0000 (01:37 +0000)]
Removed call to configure for VFS modules.
John Terpstra [Tue, 24 Sep 2002 01:12:11 +0000 (01:12 +0000)]
Updated in preparation for samba-3.0.0alpha20
Tim Potter [Mon, 23 Sep 2002 21:24:31 +0000 (21:24 +0000)]
Don't uppercase the username and domain in a session setup.
Volker Lendecke [Mon, 23 Sep 2002 17:50:04 +0000 (17:50 +0000)]
Ok, what's this? Samba as a PDC wants to authenticate a user coming in
to a native NT member server. If the logoff time in the samlogon reply
is set to something else but infinity, the tree connect to the member
server comes back with 'bad uid'. In my traces, NT PDC sends
0x7fff.. always. Weird, but true.
I would really like others to double-check this. If you have questions
regarding the setup, feel free to ask!
Thanks!
Volker
Richard Sharpe [Mon, 23 Sep 2002 16:54:32 +0000 (16:54 +0000)]
Update some help. People keep forgetting that!
Richard Sharpe [Mon, 23 Sep 2002 16:46:32 +0000 (16:46 +0000)]
Add net getlocalsid [name]
Volker Lendecke [Mon, 23 Sep 2002 16:21:01 +0000 (16:21 +0000)]
Ok, getting a bit more ambitious. Stop me, if this is wrong. ;-)
When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.
Volker
Volker Lendecke [Mon, 23 Sep 2002 15:36:02 +0000 (15:36 +0000)]
Cosmetic fix for debug message.
Volker Lendecke [Mon, 23 Sep 2002 15:00:09 +0000 (15:00 +0000)]
tdbdump also needs signal.h. Thanks to Guenther Deschner <gd@suse.de>
Volker
Volker Lendecke [Mon, 23 Sep 2002 10:05:15 +0000 (10:05 +0000)]
Add the ability to view/set the current local domain SIDs.
Volker
Gerald Carter [Mon, 23 Sep 2002 04:01:28 +0000 (04:01 +0000)]
* fix getpass check
* merge in AIX fixes from SAMBA_2_2
Andrew Bartlett [Mon, 23 Sep 2002 02:49:01 +0000 (02:49 +0000)]
Fix typo.
Richard Sharpe [Sun, 22 Sep 2002 16:22:48 +0000 (16:22 +0000)]
Small, long overdue, fix for libsmbclient.
Volker Lendecke [Sun, 22 Sep 2002 10:30:00 +0000 (10:30 +0000)]
Change parsing of policy and privs delta to what Ethereal says.
Volker
Volker Lendecke [Sat, 21 Sep 2002 14:14:40 +0000 (14:14 +0000)]
Sorry for the new parameter, but I think to really reflect what's coming
in via deltas, we need a way to set a user's primary group.
Volker
Jeremy Allison [Sat, 21 Sep 2002 08:53:05 +0000 (08:53 +0000)]
Merge back Richard's FreeBSD sendfile fixes.
Jeremy.
Andrew Tridgell [Sat, 21 Sep 2002 01:30:08 +0000 (01:30 +0000)]
enable 'map hidden' and 'create mask' to allow the new OPEN test to
succeed
Jeremy Allison [Fri, 20 Sep 2002 19:09:28 +0000 (19:09 +0000)]
"@" is valid in NetBIOS domain names.
Jeremy.
Jelmer Vernooij [Fri, 20 Sep 2002 16:59:48 +0000 (16:59 +0000)]
Add framework for samtest commands
Gerald Carter [Fri, 20 Sep 2002 16:09:59 +0000 (16:09 +0000)]
reran autoconf
Gerald Carter [Fri, 20 Sep 2002 15:11:31 +0000 (15:11 +0000)]
CUPS merge from SAMBA_2_2
Andrew Tridgell [Fri, 20 Sep 2002 09:37:02 +0000 (09:37 +0000)]
change ADS negprot to match more closely the options used by w2k. This
affects the principal used and the order of SPNEGO OIDs
Andrew Tridgell [Fri, 20 Sep 2002 09:34:35 +0000 (09:34 +0000)]
allow --with-krb5 to override the location of the kerberos libs on
redhat
Tim Potter [Thu, 19 Sep 2002 23:32:38 +0000 (23:32 +0000)]
remove proto headers on realclean
Jeremy Allison [Thu, 19 Sep 2002 18:20:38 +0000 (18:20 +0000)]
Use sendfile in readbraw.
Jeremy.
Jelmer Vernooij [Thu, 19 Sep 2002 17:40:55 +0000 (17:40 +0000)]
Move functionality to check whether entries for lp_workgroup() and "BUILTIN"
exist and add them if necessary from check_correct_backend_entries into
sam_context_check_default_backends. The reason for this is that we don't
always want to have BUILTIN and lp_workgroup() in a sam_context, for example
when doing sam2sam. check_correct_backend_entries has been renamed to
'check_duplicate_backend_entries' since that's what it currently does.
The sam_context_check_default_backends() function is only called
by sam_get_static_context(BOOL reload) currently currently.
Jeremy Allison [Thu, 19 Sep 2002 17:36:29 +0000 (17:36 +0000)]
tdb tools need #include <signal.h>
Jeremy.
Jelmer Vernooij [Thu, 19 Sep 2002 15:39:00 +0000 (15:39 +0000)]
Merge in first command for 'samtest'
Fix small bug in sam/interface.c
Make sam backend to default to a define
Volker Lendecke [Thu, 19 Sep 2002 12:34:39 +0000 (12:34 +0000)]
trivial comment fix
Tim Potter [Thu, 19 Sep 2002 05:49:14 +0000 (05:49 +0000)]
Remove hardcoded -I stuff. Hooray!
Tim Potter [Thu, 19 Sep 2002 05:47:50 +0000 (05:47 +0000)]
Clean up python extensions in clean target.
Pass more flags down to setup.py so we don't have to hard code any
-I directives.
Tim Potter [Thu, 19 Sep 2002 05:39:03 +0000 (05:39 +0000)]
Bong! The devmode could be NULL. Don't crash if this is the case.
Tim Potter [Thu, 19 Sep 2002 05:29:14 +0000 (05:29 +0000)]
Fixed bug in keyword args for enumprinterdataex
Tim Potter [Thu, 19 Sep 2002 00:26:07 +0000 (00:26 +0000)]
Moving to subdirectory.
Tim Potter [Thu, 19 Sep 2002 00:14:01 +0000 (00:14 +0000)]
Implement printerdata_ex as Python dictionary. Read only at the moment.
Jeremy Allison [Wed, 18 Sep 2002 20:36:50 +0000 (20:36 +0000)]
Added "use sendfile" per share option.
Jeremy.
Jeremy Allison [Wed, 18 Sep 2002 20:07:56 +0000 (20:07 +0000)]
HPUX sendfile is now detected correctly.
Jeremy.
Gerald Carter [Wed, 18 Sep 2002 19:06:58 +0000 (19:06 +0000)]
printjob merge from APP_HEAD regarding device modes
Jelmer Vernooij [Wed, 18 Sep 2002 13:34:47 +0000 (13:34 +0000)]
Update introduction somewhat
Jelmer Vernooij [Wed, 18 Sep 2002 13:16:07 +0000 (13:16 +0000)]
samtest and vfstest binaries shouldn't go into CVS...
Tim Potter [Wed, 18 Sep 2002 08:16:22 +0000 (08:16 +0000)]
Display the repr() of non-string dictionary values.
Volker Lendecke [Wed, 18 Sep 2002 06:34:10 +0000 (06:34 +0000)]
First code for 'net rpc vampire'. We should probably find a more
positive name for this. It creates users and global groups. More to come.
Volker
Richard Sharpe [Wed, 18 Sep 2002 06:11:13 +0000 (06:11 +0000)]
Add a synonym for samdump ...
Tim Potter [Wed, 18 Sep 2002 01:40:13 +0000 (01:40 +0000)]
Fixed compiler error when HAVE_KRB5 not defined.
Jeremy Allison [Wed, 18 Sep 2002 00:30:00 +0000 (00:30 +0000)]
We had a race condition when changing a machine acount password as we
were no longer locking the secrets entry. I saw this on a live system.
Jeremy.
Jeremy Allison [Tue, 17 Sep 2002 23:45:21 +0000 (23:45 +0000)]
Never, *ever* hold a mutex lock in the message database where there may
be traversals being attempted. Yes, this was from bitter experience (and
an out of control server :-). Also allow callers to break out of a tdb_chainlock
with sigalarm if desired.
Jeremy.
Jeremy Allison [Tue, 17 Sep 2002 20:53:21 +0000 (20:53 +0000)]
Reverted my earlier change. It was incorrect. We must be protected by
pidfile before doing secrets_init().
Jeremy.
Jeremy Allison [Tue, 17 Sep 2002 20:47:59 +0000 (20:47 +0000)]
Only create the pidfile once we're ready to receive requests.
This allows external programs to correctly synchronise with us.
Jeremy.
Jeremy Allison [Tue, 17 Sep 2002 19:48:19 +0000 (19:48 +0000)]
Actually use sendfile if selected.
Jeremy.
Andrew Tridgell [Tue, 17 Sep 2002 12:12:50 +0000 (12:12 +0000)]
Add clock skew handling to our kerberos code. This allows us to cope with
the DC being out of sync with the local machine.
Andrew Tridgell [Tue, 17 Sep 2002 12:09:46 +0000 (12:09 +0000)]
disable stat cache when case sensitive
Andrew Tridgell [Tue, 17 Sep 2002 12:08:55 +0000 (12:08 +0000)]
more const cleanups
Andrew Tridgell [Tue, 17 Sep 2002 12:07:47 +0000 (12:07 +0000)]
another const cleanup
Tim Potter [Tue, 17 Sep 2002 06:11:51 +0000 (06:11 +0000)]
Added --with-ldap (default=yes) option. We should now be able to
compile a non-ADS, non-LDAP version of Samba on a machine with
Kerberos and LDAP libraries installed.
This shouldn't break anything - let's keep an eye on the build
farm just in case.