last set of changes for rc1

9 files changed, 103 insertions, 57 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b69e60b6ad1..4f747a18d6e 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,13 @@
                    WHATS NEW IN Samba 3.0.0 RC1
-                          Auguest 15 2003
+                          August 15 2003
                   ==============================
 
-This is the first release candiate snapshot of Samba 3.0.0. A release candiate 
-implies that the code is close to a final release, remember that this is still
-a non-production release intended for testing purposes.  Use at your own risk. 
+This is the first release candidate snapshot of Samba 3.0.0. A release 
+candidate implies that the code is very close to a final release, remember 
+that this is still a non-production release intended for testing purposes.  
+Use at your own risk. 
 
-The purpose of this beta release is to get wider testing of the major
+The purpose of this release candidate is to get wider testing of the major
 new pieces of code in the current Samba 3.0 development tree. 
 Please refer to the section on "Known Issues" for more details.
 
@@ -43,7 +44,7 @@ Major new features:
 
 8)  New loadable RPC modules.
 
-9)  New dual-daemon winbindd support for better performance.
+9)  New default dual-daemon winbindd support for better performance.
 
 10) Support for migrating from a Windows NT 4.0 domain to a Samba 
     domain and maintaining user, group and domain SIDs.
@@ -56,6 +57,9 @@ Major new features:
   
 13) Major updates to the Samba documentation tree.
 
+14) Full support for client and server SMB signing to ensure
+    compatibility with default Windows 2003 security settings.
+
 Plus lots of other improvements!
 
 
@@ -69,6 +73,7 @@ begin with the Samba-HOWTO-Collection for overviews and specific
 tasks (the current book is up to approximately 400 pages) and to 
 refer to the various man pages for information on individual options.
 
+
 ######################################################################
 Changes since 3.0beta3
 ######################
@@ -90,28 +95,29 @@ details
 9)  Fixes to avoid panics on invalid multi-byte strings.
 10) Fix error messages when creating a new smbpasswd file (bug 198).
 11) Implemented better detection routines in autoconf scripts for 
-    locating ads support on the host os.
-12) Fix bug that cuased libraries in /usr/local/lib to be ignored 
+    locating ads support on the host OS.
+12) Fix bug that caused libraries in /usr/local/lib to be ignored 
     (bug 174).
-13) Ensure winbind_ads uses the correct realm or domain name when 
+13) Ensure winbindd_ads uses the correct realm or domain name when 
     connecting to trusted DC.
 14) Ensure a correct prototype is created for snprintf() (bug 187)
 15) Stop files being created on read-only shares in some circumstances.
 16) Fix wbinfo -p (bug 251)
-17) Support schannel on any tcp/ip connection if neccessary
+17) Support schannel on any tcp/ip connection if necessary
 18) Correct bug in user_in_list() so that it works with winbind groups 
     again.
 19) Ensure the schannel bind credentials default to the domain 
     of the destination host.
 20) Default password expiration time in account_pol.tdb to never 
-    expire.
+    expire.  Remove any existing account_pol.tdb file to reset
+    the new default policy (bug 184). 
 21) Add buttons to SWAT to change the view of smb.conf (bug 212)
 22) Fix incorrect checks that determine whether or not the 'add user 
     script' has been set.
 23) More cleanup for internal character set conversions.
 24) Fixes for multi-byte strings in stat cache code.
-25) Ensure that the net comand honors the 'workgroup' parameter 
-    in smb.conf when not overidden from the command line.
+25) Ensure that the net command honors the 'workgroup' parameter 
+    in smb.conf when not overridden from the command line.
 26) Add gss-spnego support to the ntlm_auth tool.
 27) Add vfs_default_quota VFS module.
 28) Added server support for NT quota interfaces.
@@ -119,7 +125,8 @@ details
 30) Fix problems with winbindd and transitive trusts in AD domains.
 31) Added -S to client tools for setting SMB signing options on the 
     command line.
-32) Fix bug causing the passwd change program to not be called as root.
+32) Fix bug causing the 'passwd change program' to be called as the 
+    connected user and not root.
 33) Fixed data corruption bug in byte-range locking (e.g. affected MS Excel).
 34) Support winbindd on FreeBSD is possible.
 35) Look at the only first OID in the security blob sent in the session 
@@ -127,10 +134,10 @@ details
 36) Only push locks onto a blocking lock queue if the posix lock failed with 
     EACCES or EAGAIN (this means another lock conflicts). Else return an 
     error and don't queue the request.
-37) Fix command line arguement processing for smbtar.
+37) Fix command line argument processing for smbtar.
 38) Correct issue that caused smbd to return generic unix_user.<uid> 
     for lookupsid().
-39) Default to algorithimic mapping when generating a rid for a group
+39) Default to algorithmic mapping when generating a rid for a group
     mapping.
 40) Expand %g and %G in logon script, profile path, etc... during
     a domain logon (bug 208).
@@ -150,10 +157,10 @@ details
     our domain.
 49) Fix group enumeration bug when using an LDAP directory for 
     storing group mappings.
-50) Fallback to not using NTLMv2 when the extended security 
-    capability bit is not set.
-51) Fix crash in 'wbinfo -a' when using extended characters in the username
-    (bug 269).
+50) Default to use NTLMv2 if available.  Fallback to not using LM/NTLM
+    when the extended security capability bit is not set.
+51) Fix crash in 'wbinfo -a' when using extended characters in the 
+    username (bug 269).
 52) Fix multi-byte strupper() panics (bug 205).
 53) Add vfs_readonly VFS module.
 54) Make sure to initialize the sambaNextUserRid and sambaNextGroupRid
@@ -166,14 +173,14 @@ details
     286).
 58) Create symlinks during instal for modules that support mutliple
     functions (bug 91).
-59) More inconv detection fixes.
+59) More iconv detection fixes.
 60) Fix path length error in vfs_recycle module (bug 291).
 61) Added server support for the LSA_DS UUID on the \lsarpc pipe.
     (server DsRoleGetPrimaryDomainInfo() is currently disabled).
 62) Fix SMBseek and get/set position calls.
 62) Fix SetFileInfo level 1.
 63) Added tool to convert smbd log file to a pcap file (log2pcaphex).
-64) 
+
 
 
 Changes since 3.0beta3
@@ -475,6 +482,7 @@ New Parameters (new parameters have been grouped by function):
   * ntlm auth
   * paranoid server security
   * server schannel
+  * server signing
   * smb ports
   * use spnego
 
@@ -608,6 +616,14 @@ aware of when moving to Samba 3.0.
      with an Active Directory domain using the native Windows
      Kerberos 5 and LDAP protocols.
 
+     MIT kerberos 1.3.1 supports the ARCFOUR-HMAC-MD5 encryption 
+     type which is neccessary for servers on which the 
+     administrator password has not been changed, or kerberos-enabled 
+     SMB connections to servers that require Kerberos SMB signing.
+     Besides this one difference, either MIT or Heimdal Kerberos
+     distributions are usable by Samba 3.0.
+     
+
 Samba 3.0 also includes the possibility of setting up chains
 of authentication methods (auth methods) and account storage 
 backends (passdb backend).  Please refer to the smb.conf(5) 
diff --git a/source/aclocal.m4 b/source/aclocal.m4
index 88f055f9ba0..a6aa1bb1de3 100644
--- a/source/aclocal.m4
+++ b/source/aclocal.m4
@@ -610,10 +610,9 @@ AC_DEFUN(jm_ICONV,
   fi
 ])
 
-AC_DEFUN(rjs_CHARSET
-[
+AC_DEFUN(rjs_CHARSET,[
   dnl Find out if we can convert from $1 to UCS2-LE
-  AC_MSG_CHECKING(we can convert from $1 to UCS2-LE)
+  AC_MSG_CHECKING([can we convert from $1 to UCS2-LE?])
   AC_TRY_RUN([
 #include <$jm_cv_include>
 main(){
@@ -623,10 +622,8 @@ main(){
     }
     return 0;
 }
-  ],ICONV_CHARSET=$1,ICONV_CHARSET="",])
-  if test x"$ICONV_CHARSET" != x; then
-     AC_MSG_RESULT($ICONV_CHARSET)
-  fi
+  ],ICONV_CHARSET=$1,ICONV_CHARSET=no,ICONV_CHARSET=cross)
+  AC_MSG_RESULT($ICONV_CHARSET)
 ])
 
 dnl CFLAGS_ADD_DIR(CFLAGS, $INCDIR)
diff --git a/source/configure.in b/source/configure.in
index 6f38adfd92b..7de985247f2 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -1569,30 +1569,65 @@ dnl there might be a working iconv further down the list of LOOK_DIRS
         if test x"$ICONV_PATH_SPEC" = "xyes" ; then
            LIBS="$LIBS -L$ICONV_LOCATION/lib"
         fi
-        AC_CACHE_CHECK([for working iconv],samba_cv_HAVE_NATIVE_ICONV,[
-        AC_TRY_RUN([
-#include <$jm_cv_include>
-main(){
-    iconv_t cd = iconv_open("ASCII", "UCS-2LE");
-    if (cd == 0 || cd == (iconv_t)-1) {
-       cd = iconv_open("CP850", "UCS-2LE");
-       if (cd == 0 || cd == (iconv_t)-1) {
-          cd = iconv_open("IBM850", "UCS-2LE"); /* Solaris has this */
-          if (cd == 0 || cd == (iconv_t)-1) {
-            return -1;
-          }
-       }
-    }
-    return 0;
-}
-        ],
-        samba_cv_HAVE_NATIVE_ICONV=yes,samba_cv_HAVE_NATIVE_ICONV=no,samba_cv_HAVE_NATIVE_ICONV=cross)])
+dnl        AC_CACHE_CHECK([for working iconv],samba_cv_HAVE_NATIVE_ICONV,[
+	default_dos_charset=no
+	default_display_charset=no
+	default_unix_charset=no
+	echo
+
+	# check for default dos charset name
+	for j in CP850 IBM850 ; do
+	    rjs_CHARSET($j)
+	    if test x"$ICONV_CHARSET" = x"$j"; then
+		default_dos_charset="\"$j\""
+		break
+	    fi
+	done
+	# check for default display charset name
+	for j in ASCII 646 ; do
+	    rjs_CHARSET($j)
+	    if test x"$ICONV_CHARSET" = x"$j"; then
+		default_display_charset="\"$j\""
+		break
+	    fi
+	done
+	# check for default unix charset name
+	for j in UTF-8 UTF8 ; do
+	    rjs_CHARSET($j)
+	    if test x"$ICONV_CHARSET" = x"$j"; then
+		default_unix_charset="\"$j\""
+		break
+	    fi
+	done
+	
+	if test "$default_dos_charset" != "no" -a \
+		"$default_dos_charset" != "cross" -a \
+		"$default_display_charset" != "no" -a \ 
+		"$default_display_charset" != "cross" -a \
+		"$default_unix_charset" != "no" -a \
+		"$default_unix_charset" != "cross"
+	then
+		samba_cv_HAVE_NATIVE_ICONV=yes
+	else if test "$default_dos_charset" = "cross" -o \
+		     "$default_display_charset" = "cross" -o \
+		     "$default_unix_charset" = "cross"
+	then
+		samba_cv_HAVE_NATIVE_ICONV=cross
+	else
+		samba_cv_HAVE_NATIVE_ICONV=no
+	fi
+	fi
+dnl ])
+
         LIBS="$ic_save_LIBS"
         if test x"$samba_cv_HAVE_NATIVE_ICONV" = x"yes"; then
 		CPPFLAGS=$save_CPPFLAGS
 		CFLAGS_ADD_DIR(CPPFLAGS, "$i/include")
 		export CPPFLAGS
            AC_DEFINE(HAVE_NATIVE_ICONV,1,[Whether to use native iconv])
+	   AC_DEFINE_UNQUOTED(DEFAULT_DOS_CHARSET,$default_dos_charset,[Default dos charset name])
+	   AC_DEFINE_UNQUOTED(DEFAULT_DISPLAY_CHARSET,$default_display_charset,[Default display charset name])
+	   AC_DEFINE_UNQUOTED(DEFAULT_UNIX_CHARSET,$default_unix_charset,[Default unix charset name])
            break
         fi
 dnl We didn't find a working iconv, so keep going
diff --git a/source/include/includes.h b/source/include/includes.h
index 0179064a6ad..29bb53980fe 100644
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -1278,7 +1278,7 @@ time_t timegm(struct tm *tm);
 
 #if defined(HAVE_KRB5)
 
-#ifndef KRB5_SET_REAL_TIME
+#ifndef HAVE_KRB5_SET_REAL_TIME
 krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
 #endif
 
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index 5838f301c49..308ce31fd08 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -364,9 +364,6 @@ void cli_nt_netlogon_netsec_session_close(struct cli_state *cli)
 
 void cli_close_connection(struct cli_state *cli)
 {
-	if ( !cli )
-		return;
-		
 	cli_nt_session_close(cli);
 	cli_nt_netlogon_netsec_session_close(cli);
 
diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c
index 9041401e52c..19babae46b6 100644
--- a/source/nsswitch/winbindd_ads.c
+++ b/source/nsswitch/winbindd_ads.c
@@ -377,10 +377,8 @@ static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
 	rc = ads_search_retry(ads, &res, ldap_exp, attrs);
 	SAFE_FREE(ldap_exp);
 	SAFE_FREE(escaped_dn);
-	if ( !res )
-		goto failed;
 
-	if (!res || !ADS_ERR_OK(rc)) {
+	if (!ADS_ERR_OK(rc)) {
 		goto failed;
 	}
 
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 70efa8042b0..7982b87ffc6 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -1310,18 +1310,18 @@ static void init_globals(void)
 	string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
 
 	/* using UTF8 by default allows us to support all chars */
-	string_set(&Globals.unix_charset, "UTF8");
+	string_set(&Globals.unix_charset, DEFAULT_UNIX_CHARSET);
 
 #if defined(HAVE_NL_LANGINFO) && defined(CODESET)
 	/* If the system supports nl_langinfo(), try to grab the value
 	   from the user's locale */
 	string_set(&Globals.display_charset, "LOCALE");
 #else
-	string_set(&Globals.display_charset, "ASCII");
+	string_set(&Globals.display_charset, DEFAULT_DISPLAY_CHARSET);
 #endif
 
 	/* Use codepage 850 as a default for the dos character set */
-	string_set(&Globals.dos_charset, "CP850");
+	string_set(&Globals.dos_charset, DEFAULT_DOS_CHARSET);
 
 	/*
 	 * Allow the default PASSWD_CHAT to be overridden in local.h.
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index 725672da69d..646aac347c9 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -2668,6 +2668,8 @@ static BOOL srv_spoolss_replyopenprinter(int snum, const char *printer,
 
 		fstrcpy(unix_printer, printer+2); /* the +2 is to strip the leading 2 backslashs */
 
+		ZERO_STRUCT(notify_cli);
+
 		if(!spoolss_connect_to_client(&notify_cli, client_ip, unix_printer))
 			return False;
 			
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 36d135c73d1..2f8743a1383 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -1724,6 +1724,7 @@ static int rpc_trustdom_add(int argc, const char **argv)
 static int rpc_trustdom_del(int argc, const char **argv)
 {
 	d_printf("Sorry, not yet implemented.\n");
+	d_printf("Use 'smbpasswd -x -i' instead.\n");
 	return -1;
 }