cvs2svn Import User [Mon, 15 Dec 2003 14:54:56 +0000 (14:54 +0000)]
This commit was manufactured by cvs2svn to create tag
'release-3-0-1'.
Gerald Carter [Mon, 15 Dec 2003 14:54:55 +0000 (14:54 +0000)]
decided to accept the specfile changes and recut the tarball
Gerald Carter [Mon, 15 Dec 2003 04:12:17 +0000 (04:12 +0000)]
preparing for release of 3.0.1
Gerald Carter [Mon, 15 Dec 2003 03:26:22 +0000 (03:26 +0000)]
final changes for 3.0.1
Gerald Carter [Thu, 11 Dec 2003 22:30:05 +0000 (22:30 +0000)]
more final touches on 3.0.1; sync from 3.0 tree
Gerald Carter [Thu, 11 Dec 2003 16:42:08 +0000 (16:42 +0000)]
bumping version since i've added other changes since 3.0.1rc2
Gerald Carter [Thu, 11 Dec 2003 15:58:33 +0000 (15:58 +0000)]
sync compiler warning fixes from 3.0; packaging updates; and start on WHATSNEW for 3.0.1 final
Gerald Carter [Thu, 11 Dec 2003 04:13:48 +0000 (04:13 +0000)]
preparing for release of 3.0.1rc2
Gerald Carter [Wed, 10 Dec 2003 21:57:14 +0000 (21:57 +0000)]
last show stoppers for 3.0.1rc2 (i really mean it this time)
Gerald Carter [Wed, 10 Dec 2003 04:51:09 +0000 (04:51 +0000)]
don't list changes in rc1 again in rc2
Gerald Carter [Wed, 10 Dec 2003 04:48:23 +0000 (04:48 +0000)]
updating WHATSNEW for release
Gerald Carter [Wed, 10 Dec 2003 04:34:09 +0000 (04:34 +0000)]
sync source for 3.0.1rc2
Gerald Carter [Wed, 10 Dec 2003 04:31:05 +0000 (04:31 +0000)]
syncing examples & packaging files for 3.0.1rc2
cvs2svn Import User [Tue, 9 Dec 2003 21:31:39 +0000 (21:31 +0000)]
This commit was manufactured by cvs2svn to create branch
'SAMBA_3_0_RELEASE'.
Gerald Carter [Tue, 9 Dec 2003 21:31:38 +0000 (21:31 +0000)]
working on packaging; also fixed some path issues in configure.in & Makefile.in
Jeremy Allison [Tue, 9 Dec 2003 18:34:26 +0000 (18:34 +0000)]
Final part of fix for #445. Don't add user for machine accounts.
Jeremy.
Gerald Carter [Tue, 9 Dec 2003 18:20:48 +0000 (18:20 +0000)]
fix bug in get_peer_name() caused by --enable-developer and using the same src & dest strings to alpha_strcpy(); reported by Michael Young
Jeremy Allison [Tue, 9 Dec 2003 02:29:24 +0000 (02:29 +0000)]
Make intent to return only one address clear.
Jeremy.
Gerald Carter [Mon, 8 Dec 2003 17:42:26 +0000 (17:42 +0000)]
working on bug 687; protect against null src strings in alloc_sub_basic()
Gerald Carter [Mon, 8 Dec 2003 17:42:21 +0000 (17:42 +0000)]
make sure we use a real network address in case there are extra non-zero octets in hosts allow/deny
Andrew Bartlett [Sun, 7 Dec 2003 11:06:40 +0000 (11:06 +0000)]
Merge from 3.0:
source/libsmb/ntlmssp.c:
Picked up by the build farm - despite all my efforts, security=server was
broken by my NTLM2 commit. This should correctly cause the NTLM2 case
not to be negotiated when 'security=server' is in effect.
testsuide/build_farm/runlist:
Without 'non unix accounts' we can't test security=domain on the build farm.
source/rpc_server/srv_samr_nt.c:
Match Win2k and return 'invalid parameter' for creating of a new account with
account flags of 0.
Andrew Bartlett
Jeremy Allison [Sat, 6 Dec 2003 02:33:59 +0000 (02:33 +0000)]
Fix for bug #445 (missing unix user on kerberos auth doesn't call add user
script).
Jeremy.
Gerald Carter [Fri, 5 Dec 2003 21:52:17 +0000 (21:52 +0000)]
fix %a variable for Windows 2003 -> Win2K3
Jeremy Allison [Fri, 5 Dec 2003 21:01:23 +0000 (21:01 +0000)]
Janitor for tridge...
Jeremy.
Gerald Carter [Fri, 5 Dec 2003 17:21:00 +0000 (17:21 +0000)]
packaging updates from Buchan
Gerald Carter [Fri, 5 Dec 2003 15:27:58 +0000 (15:27 +0000)]
create libdir for installclientlib; patch from Bill Knox
Gerald Carter [Thu, 4 Dec 2003 22:05:15 +0000 (22:05 +0000)]
preparing for release of 3.0.1rc1
Gerald Carter [Thu, 4 Dec 2003 22:02:05 +0000 (22:02 +0000)]
updating top 0.8.2-1 of the smbldap tools
Gerald Carter [Thu, 4 Dec 2003 21:35:54 +0000 (21:35 +0000)]
adding Steve's recent change
updating WHATSNEW
Gerald Carter [Thu, 4 Dec 2003 20:35:40 +0000 (20:35 +0000)]
syncing tree for 3.0.1rc1
Gerald Carter [Thu, 4 Dec 2003 20:22:19 +0000 (20:22 +0000)]
fix process_incoming_data() to return the number of bytes handled this call whether we have a complete pdu or not; fixes bug with multiple pdu request rpc's broken over SMBwriteX calls each
Gerald Carter [Thu, 4 Dec 2003 16:39:11 +0000 (16:39 +0000)]
typo in BASEDIR; patch from Darren Chew
Gerald Carter [Thu, 4 Dec 2003 05:02:25 +0000 (05:02 +0000)]
readding schema items that were accidentally deleted
Gerald Carter [Thu, 4 Dec 2003 04:52:49 +0000 (04:52 +0000)]
support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800
Gerald Carter [Thu, 4 Dec 2003 04:32:22 +0000 (04:32 +0000)]
don't crash on a NULL priviledge pointer; patch from Jianliang Lu
Gerald Carter [Thu, 4 Dec 2003 04:08:32 +0000 (04:08 +0000)]
* fix RemoveSidForeignDomain() ; bug 252
* don't fall back to unmapped UNIX group for
get_local_group_from_sid()
* remove an extra become/unbecome_root() pair
from group enumeration
Jeremy Allison [Wed, 3 Dec 2003 23:16:24 +0000 (23:16 +0000)]
Fix for "hash" (not hash2) type mangling. Noticed by "Forrest W. Christian" <fwc@mt.net>
Jeremy.
Volker Lendecke [Tue, 2 Dec 2003 11:41:42 +0000 (11:41 +0000)]
Two trivial warnings
Volker
Jeremy Allison [Mon, 1 Dec 2003 22:55:41 +0000 (22:55 +0000)]
Client connect signing error messages should be level zero else
they're easy to miss.
Jeremy.
Jeremy Allison [Mon, 1 Dec 2003 22:46:49 +0000 (22:46 +0000)]
Get a little paranoid about memfree use in convert_string_allocate..
Looking at crash bugs #809 and others.
Jeremy.
Gerald Carter [Mon, 1 Dec 2003 19:58:53 +0000 (19:58 +0000)]
another strequal() == 0 fix
Gerald Carter [Mon, 1 Dec 2003 19:26:32 +0000 (19:26 +0000)]
fix inverted logic caused by s/strcmp/strequal/; host allow/deny works again; bug 846
Gerald Carter [Mon, 1 Dec 2003 18:38:08 +0000 (18:38 +0000)]
add Replicator and RAS Servers to list of builtin SIDs we resolve; bug 608
Gerald Carter [Mon, 1 Dec 2003 18:02:30 +0000 (18:02 +0000)]
don't mistake pre-existing UNIX jobs for smb jobs; patch from SATOH Fumiyasu bug 770
Volker Lendecke [Mon, 1 Dec 2003 14:13:20 +0000 (14:13 +0000)]
In the brief 'net rpc group' listing, don't cut off group names at 21 chars.
Volker
Volker Lendecke [Mon, 1 Dec 2003 14:08:15 +0000 (14:08 +0000)]
Beautify the net status help message a bit
Volker
cvs2svn Import User [Mon, 1 Dec 2003 14:02:25 +0000 (14:02 +0000)]
This commit was manufactured by cvs2svn to create branch
'SAMBA_3_0_RELEASE'.
Volker Lendecke [Mon, 1 Dec 2003 14:02:24 +0000 (14:02 +0000)]
I needed a decently parseable format of smbstatus. Looking at smbstatus code
tells me that this should not be expanded, so I implemented
net status [sessions|shares] [parseable]
Volker
Jeremy Allison [Mon, 1 Dec 2003 06:59:56 +0000 (06:59 +0000)]
Fix spurious error msg. when seq=0.
Jeremy.
Jeremy Allison [Mon, 1 Dec 2003 06:53:21 +0000 (06:53 +0000)]
Ensure the server can cope with multiple secondary trans
requests when signing is turned on.
Jeremy.
Jeremy Allison [Mon, 1 Dec 2003 06:19:14 +0000 (06:19 +0000)]
Subtract NT_STATUS from common flag, don't add it...
Jeremy.
Jeremy Allison [Mon, 1 Dec 2003 03:24:53 +0000 (03:24 +0000)]
Ensure we use the same mid for the secondary trans requests, W2K3
does this.
Jeremy.
Jeremy Allison [Mon, 1 Dec 2003 02:25:53 +0000 (02:25 +0000)]
Don't automatically set nt status code flag unless client tells us it can
cope.
Jeremy.
Jeremy Allison [Mon, 1 Dec 2003 01:04:02 +0000 (01:04 +0000)]
Better fix for client signing bug. Ensure we don't malloc/free trans signing
state info each packet.
Jeremy.
Jeremy Allison [Sun, 30 Nov 2003 19:40:53 +0000 (19:40 +0000)]
Fix signing bug with secondary client trans requests. Turns out the last
packet is the one that matters for checking the signing replies. Need to
check the server code does this correctly too....
Bug #832 reported by Volker.
Jeremy.
Volker Lendecke [Fri, 28 Nov 2003 15:10:30 +0000 (15:10 +0000)]
Implement 'net rpc group list [global|local|builtin]*' for a select listing of
the respective user databases.
Volker
Jeremy Allison [Thu, 27 Nov 2003 18:34:40 +0000 (18:34 +0000)]
Fix for pdbedit error code returns (sorry, forgot who sent in the patch).
Jeremy.
Volker Lendecke [Thu, 27 Nov 2003 17:32:13 +0000 (17:32 +0000)]
Only ask for 512 names at a time.
Volker
Gerald Carter [Thu, 27 Nov 2003 04:40:58 +0000 (04:40 +0000)]
use samr_dispinfo(level == 1) for enumerating domain users so we can include the full name in gecos field; bug 587
Jeremy Allison [Wed, 26 Nov 2003 20:58:51 +0000 (20:58 +0000)]
Patch from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de> to add
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP
to configure.in (this took a *long* time to track down) to make autoconf
work correctly on Fedora Core 1.
Jeremy.
Volker Lendecke [Wed, 26 Nov 2003 10:09:59 +0000 (10:09 +0000)]
Implement "net rpc group members": Get members of a domain group in
human-readable format.
Volker
Volker Lendecke [Wed, 26 Nov 2003 10:01:31 +0000 (10:01 +0000)]
Get rid of a const warning
Volker
Andrew Bartlett [Wed, 26 Nov 2003 00:07:55 +0000 (00:07 +0000)]
Merge from 3.0:
- NTLM2 fixes, don't force NTLM2
- Don't use NTLM2 for RPC, it doesn't work yet
- Add comments to winbindd_pam.c
- Merge 64 bit fixes and better debug messages in winbindd.c
Andrew Bartlett
Jeremy Allison [Tue, 25 Nov 2003 23:25:15 +0000 (23:25 +0000)]
Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bits
if the file has an ACL.
Jeremy.
Gerald Carter [Tue, 25 Nov 2003 19:17:20 +0000 (19:17 +0000)]
allow users to delete jobs with cups printing backend
The changes the name of the job passed off to cups
from "Test Page" to "smbprn.
00000033 Test Page" so that
we can get the smb jobid back from lpq. Working on bug
770.
Jeremy Allison [Tue, 25 Nov 2003 18:15:49 +0000 (18:15 +0000)]
If signing starts successfully, don't just turn it off automatically if
it fails later. Only turn it off automatically if it fails at the start.
Jeremy.
Jeremy Allison [Tue, 25 Nov 2003 02:04:10 +0000 (02:04 +0000)]
Patch for #263 from jpjanosi@us.ibm.com.
Jeremy.
Jeremy Allison [Tue, 25 Nov 2003 00:32:48 +0000 (00:32 +0000)]
When server signing is set to "auto", if the client doesn't sign just
ignore it. Only fail if signing is set to "required".
Jeremy.
Gerald Carter [Mon, 24 Nov 2003 20:22:41 +0000 (20:22 +0000)]
strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in check_bind_response()
Jeremy Allison [Mon, 24 Nov 2003 20:18:44 +0000 (20:18 +0000)]
Added "passwd chat timeout" parameter. Docs to follow.
Jeremy.
Gerald Carter [Mon, 24 Nov 2003 18:38:15 +0000 (18:38 +0000)]
patch from Matthias Hilbig for bug 467; use the dns name (or IP) as the originating client name when using CUPS
Gerald Carter [Mon, 24 Nov 2003 17:33:15 +0000 (17:33 +0000)]
more access fixes for group enumeration in LDAP; bug 281
Andrew Bartlett [Sun, 23 Nov 2003 00:23:26 +0000 (00:23 +0000)]
(Merge from 3.0)
Patch by emil@disksites.com <Emil Rasamat> to ensure we always always
free() each auth method. (We had relied on the use of talloc() only,
despite providing the free() callback)
Andrew Bartlett
Andrew Bartlett [Sun, 23 Nov 2003 00:22:17 +0000 (00:22 +0000)]
Merge from 3.0:
Add support for variable-length session keys in our client code.
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
-
Add server-side support for variable-length session keys (as used by
DES based krb5 logins).
Andrew Bartlett
Andrew Bartlett [Sat, 22 Nov 2003 13:29:02 +0000 (13:29 +0000)]
(merge from 3.0)
Changes all over the shop, but all towards:
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to
merge the 'client' and 'server' functions, so they both operate on a
single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of
data structures...
Andrew Bartlett
Gerald Carter [Sat, 22 Nov 2003 06:17:46 +0000 (06:17 +0000)]
debug and swat fixes from 3.0
Gerald Carter [Sat, 22 Nov 2003 04:49:32 +0000 (04:49 +0000)]
fix winbind ping call so that SWAT correctly determines if winbindd is running; bug 398
Gerald Carter [Sat, 22 Nov 2003 04:35:36 +0000 (04:35 +0000)]
Ensure that items in a list of strings containing whitespace
are written out surrounded by single quotes. This means that
both double and single quotes are now used to surround
strings in smb.conf. This is a slight change from the previous
behavior but needed or else things like
printer admin = +ntadmin, 'VALE\Domain, Admin'
get written to smb.conf by SWAT.
Jeremy Allison [Fri, 21 Nov 2003 23:01:34 +0000 (23:01 +0000)]
Fix for rename across filesystems. Noticed by Rainer Link <link@foo.fh-furtwangen.de>.
Jeremy.
Jeremy Allison [Fri, 21 Nov 2003 19:20:51 +0000 (19:20 +0000)]
Fix Jerry's no-proto bug :-).
Jeremy.
Gerald Carter [Fri, 21 Nov 2003 19:12:33 +0000 (19:12 +0000)]
make sure we don't append the ldap suffix when writing out the ldap XXX suffix values in SWAT; based on tpot's original patch; bug 328
Rafal Szczesniak [Thu, 20 Nov 2003 23:54:13 +0000 (23:54 +0000)]
Typo fix.
Rafal Szczesniak [Wed, 19 Nov 2003 23:14:21 +0000 (23:14 +0000)]
Added useful information to debug lines.
Patch by metze.
rafal
Jeremy Allison [Wed, 19 Nov 2003 22:57:53 +0000 (22:57 +0000)]
Look at error before using it in debug statement.
Jeremy.
Jeremy Allison [Wed, 19 Nov 2003 02:19:33 +0000 (02:19 +0000)]
Group quotas patch from "Heinreichsberger, Helmut" <Helmut.Heinreichsberger@wincor-nixdorf.com>
Jeremy.
Jeremy Allison [Wed, 19 Nov 2003 00:22:47 +0000 (00:22 +0000)]
Correct fix for '$' termination test.
Jeremy.
Rafal Szczesniak [Tue, 18 Nov 2003 20:06:10 +0000 (20:06 +0000)]
Fix to correct checking of '$' name termination.
Patch by metze.
rafal
Rafal Szczesniak [Tue, 18 Nov 2003 19:39:51 +0000 (19:39 +0000)]
Useful debug message. Patch by metze.
rafal
Jeremy Allison [Tue, 18 Nov 2003 02:06:46 +0000 (02:06 +0000)]
Remove unneeded second open for filename ending in '.' now we know it's
a mangled name. Added const. Fix inspired by Andrew Bartlett ideas.
Jeremy.
Jeremy Allison [Tue, 18 Nov 2003 01:47:15 +0000 (01:47 +0000)]
Ensure we mangle names ending in '.' in hash2 mangling method.
Jeremy.
Jeremy Allison [Mon, 17 Nov 2003 22:07:23 +0000 (22:07 +0000)]
Fix from Andrew Bartlett to fix up the munged-dial problem.
Jeremy.
Volker Lendecke [Mon, 17 Nov 2003 18:01:28 +0000 (18:01 +0000)]
From 3_0:
This fixes a bug when establishing trust against a german W2k3 AD server. In
the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not
check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at
all, so making it a bit more liberal should hopefully not really hurt.
Volker
Gerald Carter [Mon, 17 Nov 2003 16:11:16 +0000 (16:11 +0000)]
* make sure we only enumerate group mapping entries
(not /etc/group) even when doing local aliases
* remove "hide local users" parameter; we have this
behavior built into 3.0
Gerald Carter [Mon, 17 Nov 2003 14:16:55 +0000 (14:16 +0000)]
updates from Buchan
Simo Sorce [Sun, 16 Nov 2003 09:11:38 +0000 (09:11 +0000)]
do not build config_ldap by default
(forget to remove the module from the default list after testing :-)
Simo Sorce [Sat, 15 Nov 2003 00:52:06 +0000 (00:52 +0000)]
add also the schema attributes and object classes need by config_ldap
Jerry,
if you have any problems with these schema additions, let me know, so that
we can arrange the right solution
Simo Sorce [Sat, 15 Nov 2003 00:47:29 +0000 (00:47 +0000)]
Split smbldap in a core file and a utility file
Add module support for configuration loading
Add a first implementation of config_ldap module to put samba configuration
on ldap
It worked on my test machine, please try it out and send bugfixes :-)
have fun,
Simo.
INSTRUCTIONS:
Just add something like this to your smb.conf file:
config backend = config_ldap:ldap://localhost
config_ldap:basedn = dc=samba,dc=org
the config tree must follow this scheme:
ou=foo, dc=samba, dc=org <- global section
|- sambaOptionName=log level, ou=foo, ... <- options
|- ...
|- sambaShareName=testlc, ou=foo, ... == [testlc]
|- sambaOptionName=path, sambaShareName=testlc, ou=foo, ... <- option
here is a sample ldif:
# foo, samba, org
dn: ou=foo, dc=samba, dc=org
objectClass: organizationalUnit
objectClass: sambaConfig
ou: foo
description: Test Foo
# log level, foo, samba, org
dn: sambaOptionName=log level, ou=foo, dc=samba, dc=org
objectClass: sambaConfigOption
sambaOptionName: log level
sambaIntegerOption: 10
description: log level 10 is suitable for good debugging
# testlc, foo, samba, org
dn: sambaShareName=testlc, ou=foo, dc=samba, dc=org
objectClass: sambaShare
sambaShareName: testlc
description: share to test ldap config module actually works
# path, testlc, foo, samba, org
dn: sambaOptionName=path, sambaShareName=testlc, ou=foo, dc=samba, dc=org
objectClass: sambaConfigOption
sambaOptionName: path
sambaStringOption: /tmp
description: Path for share testlc
# read only, testlc, foo, samba, org
dn: sambaOptionName=read only, sambaShareName=testlc, ou=foo, dc=samba,
dc=org
objectClass: sambaConfigOption
sambaOptionName: read only
sambaBoolOption: TRUE
description: Share testlc is read only
# guest ok, testlc, foo, samba, org
dn: sambaOptionName=guest ok, sambaShareName=testlc, ou=foo, dc=samba,
dc=org
objectClass: sambaConfigOption
sambaOptionName: guest ok
sambaBoolOption: TRUE
description: Guest users are allowed to connect to testlc share
Gerald Carter [Fri, 14 Nov 2003 03:44:53 +0000 (03:44 +0000)]
preparing for release of 3.0.1pre3
Gerald Carter [Fri, 14 Nov 2003 03:36:27 +0000 (03:36 +0000)]
fix more memory leaks in the LDAP backend code; patches from metze
Gerald Carter [Fri, 14 Nov 2003 03:36:13 +0000 (03:36 +0000)]
sync tree from 3.0