summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17617: Take Andrew Bartletts excellent advice and don't storeJeremy Allison3-10/+63
the nt hash directly in the winbindd cache, store a salted version (MD5 of salt + nt_hash). This is what we do in the LDAP password history code. We store this salted cache entry under the same name as an old entry (CRED/<sid>) but detect it on read by checking if there are 17 bytes of data after the first stored hash (1 byte len, 16 bytes hash). GD PLEASE CHECK. Jeremy. (This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
2007-10-10r17616: Add the lm and nt hashes to the cached credentialsJeremy Allison3-28/+52
stored - only store the password if we're going to be doing a krb5 refresh. GD please review this change ! Now to add code to reference count the cached creds (to allow multiple pam_logon/pam_logoffs to keep the creds around), ensure that the cred cache is called on all successful pam_logons (if we have winbindd cache pam credentials = true, set this by default) and finally ensure the creds cache is changed on successful password change. GD - you *really* need to review this :-). Jeremy. (This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
2007-10-10r17612: Modify NTLMSSP session code so that it doesn't storeJeremy Allison3-41/+86
a copy of the plaintext password, only the NT and LM hashes (all it needs). Fix smbencrypt to expose hash verions of plaintext function. Andrew Bartlett, you might want to look at this for gensec. This should make it easier for winbindd to store cached credentials without having to store plaintext passwords in an NTLM-only environment (non krb5). Jeremy. (This used to be commit 629faa530f0422755823644f1c23bea74830912f)
2007-10-10r17610: Added the ability for firefox to drive the winbinddJeremy Allison9-15/+448
ntlm_auth module to allow it to use winbindd cached credentials.The credentials are currently only stored in a krb5 MIT environment - we need to add an option to winbindd to allow passwords to be stored even in an NTLM-only environment. Patch from Robert O'Callahan, modified with some fixes by me. Jeremy. (This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
2007-10-10r17607: Adapt the Samba4 directory structure for tdb. Makes it easier to diff.Volker Lendecke35-45/+631
Let's see what it breaks. For me it works :-) Volker (This used to be commit 337be14b432e5dfd80c7418b2db4fe0087259b77)
2007-10-10r17606: Introduce krb5_to_ntstatus.Volker Lendecke2-18/+54
Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 6e641c90b8f52a822a83701cdf305c60416d7f0c)
2007-10-10r17605: Some C++ warningsVolker Lendecke10-43/+63
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r17604: Fix a bug caught by g++.Volker Lendecke1-1/+1
Jeremy, please check this! Volker (This used to be commit 8117a7b3bf3f273dd018c42864b3136dec47ec79)
2007-10-10r17603: Make net_ads_join_ok return NTSTATUS.Volker Lendecke1-7/+12
Thanks to Michael Adam <ma@sernet.de> hop, hop, hop... ;-) Volker (This used to be commit 47facab798bdc6e20b2620972f1b8f2338fac239)
2007-10-10r17602: Make check_ads_config return NTSTATUS, set some error codes in ↵Volker Lendecke1-10/+18
net_ads_join. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 27cca861507afa9caf694ef89e543c86de01c2cd)
2007-10-10r17595: Fix from Ben Winslow <rain@bluecherry.net> to allowJeremy Allison1-0/+4
client smb signing to be correctly turned off. Jeremy. (This used to be commit 61f052b0a67b8a05b5d925bf8bbad73369ac03bd)
2007-10-10r17592: Remove some unused functions pointed out by John E. Malmberg, makeVolker Lendecke2-235/+46
do_file_lock static to pdb_smbpasswd.c, the only user of it. Volker (This used to be commit 543f77a45f0a75ede48b0f2c674a0abdd386fed5)
2007-10-10r17591: machine_account is unused, and ctx must be freed. Thanks MichaelVolker Lendecke1-3/+2
(This used to be commit a347f8a9c480cf09abac9144e04ab2b13457e3b0)
2007-10-10r17590: Some C++ WarningsVolker Lendecke3-16/+16
(This used to be commit b7ec240880af0072ef20b2c0d688ef3cc386d484)
2007-10-10r17589: Check in the really uncontroversial patch from MichaelVolker Lendecke1-0/+5
(This used to be commit de76217cfb9d20431189e838999a634e4de067a9)
2007-10-10r17585: Don't let ads_status throw away the error information.Volker Lendecke1-38/+45
Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit ea3a4142a0f2140d8743a50518ae94df2d84d972)
2007-10-10r17584: Some C++ WarningsVolker Lendecke5-10/+10
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10r17583: Change internal cli_session_setup functions to NTSTATUS.Volker Lendecke1-47/+56
Volker (This used to be commit 990da03f0940371d20f89c145b7ebdbe8e9bf4c4)
2007-10-10r17573: Fix typoVolker Lendecke1-1/+1
(This used to be commit fd6e3f133b267a9506699d1c2934a153dd732df2)
2007-10-10r17572: Fix the buildVolker Lendecke1-5/+5
(This used to be commit acf237b3cd1b546c2744447d977d36a8e3ed4d10)
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke12-129/+148
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10r17569: Make 'max smbd processes' more robust. Counting on the child to ↵Volker Lendecke4-88/+78
decrement a tdb entry is not the most reliable way to count children correctly. This increments the number of children after a fork and decrements it upon SIGCLD. I'm keeping a list of children just for consistency checks, so that we at least get a debug level 0 message if something goes wrong. Volker (This used to be commit eb45de167d24d07a218307ec5a48c0029ec097c6)
2007-10-10r17568: Reformatting -- more than 100 cols is too much :-)Volker Lendecke1-3/+6
(This used to be commit 2a66abca02b5e95b66ab336f0d0e3977676d4540)
2007-10-10r17557: Change net_join_domain to return NTSTATUS instead of int.Volker Lendecke1-15/+16
Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit c4e10afadb39ff562287ab2294df0a1f83b28908)
2007-10-10r17556: Remove duplicate entries. Thanks to Michael Adam <ma@sernet.de>Volker Lendecke1-2/+0
Volker (This used to be commit ea83001d3ed0b5da67cf367c17fdef662bc01681)
2007-10-10r17555: CleanupVolker Lendecke1-340/+0
(This used to be commit 4199b5d2262e1e154f75f609fef20ed8e8c21cf2)
2007-10-10r17554: CleanupVolker Lendecke21-1513/+595
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17552: Attempt to fix tdb transactions on IRIXVolker Lendecke1-0/+1
(This used to be commit 4a7b06860cd2907eb0e0deb466a613529121b8b7)
2007-10-10r17551: Move some DEBUG to d_printf in interactive functions and returnVolker Lendecke2-8/+11
NO_LOGON_SERVERS if no domain controller was found. Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit d44599de3a61707a32851f37ddfb2425949622f8)
2007-10-10r17550: Fix a few bugs in the tdb_multikey code. Thanks to tridge for ↵Volker Lendecke2-5/+5
pointing them out. Volker (This used to be commit 6bf5e7080a51c416d1d1466b1ca84c8f23a6bf2c)
2007-10-10r17541: When returning a trans2 request, if the "max dataJeremy Allison4-27/+47
bytes returned" is less than the amount we want to send, return what we can and set STATUS_BUFFER_OVERFLOW (doserror ERRDOS,ERRbufferoverflow). Required by OS/2 to handle EA's that are too large. It's hard to test this in Samba4 smbtorture as the max data bytes returned is hard coded at 0xffff (as it is in the Samba3 client libraries also). I used a custom version of Samba4 smbtorture to test this out. Might add a "max data bytes" param to make this testable in the build farm. Confirmed by "Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com> and Andreas Taegener <atsamba11@eideltown.de> that this fixes the issue. Jeremy. (This used to be commit ff2f1202b76991a404dae8df17c36f8135c8dc51)
2007-10-10r17536: Add a debug message citing the reason why an LDAP connection failed, ↵Volker Lendecke1-0/+5
inspired by Christian M Ambach <CAMBACH1@de.ibm.com>. Volker (This used to be commit cf7c83d462dc766fa6f48728d0a4e8d534cc2bd4)
2007-10-10r17535: Reformatting, this had many tabs instead of ^$Volker Lendecke1-6/+6
(This used to be commit 0f483cf66c203d8590998b83cbeeb236ba06ab63)
2007-10-10r17509: same for old woody packaging stuffSimo Sorce1-1/+1
(This used to be commit 4fc773080a43cc73906c99a38406706b23e84c3f)
2007-10-10r17508: I didn;t realize we had this in our packages, remove itSimo Sorce1-1/+1
(This used to be commit 47a462359562eea5d99e1c3965569615c3451397)
2007-10-10r17496: net groupmap add could add uninitialized sid_name_typeJeremy Allison1-10/+27
entries to the group mapping db. Ensure this can't happen. Jeremy. (This used to be commit 2ba0d93d53868c8b28dccf91dfa26e86817da511)
2007-10-10r17487: Allocate some OID space for Samba4, so we don't trip on each other.Andrew Bartlett1-0/+5
Andrew Bartlett (This used to be commit 199a33ac80977782869b24ce86dcd51cb16d3851)
2007-10-10r17477: Add talloc_asprintf_len and make use of it.Volker Lendecke2-6/+49
Volker (This used to be commit c0ff2afe0683095401fa7b7654aa3b2fe950f7b3)
2007-10-10r17470: This is the group mapping rewrite announced a few days ago. I'm ↵Volker Lendecke2-307/+475
afraid it's more than 1000 lines of patch, but doing it in smaller pieces is hardly possible. Anybody interested please look over this. The patch is not really interesting, just look at the new groupdb/mapping.c file. Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we have overlapping mappings in group_mapping.tdb. With the old db a unix gid can be mapped to two different SIDs. This will be refused with the new code. Volker (This used to be commit f0f0e893ca41d35b58b35929de78dcb911b3c7dc)
2007-10-10r17469: remove unused variableSimo Sorce1-1/+0
(This used to be commit c7d115a7d08ecebe2ba70b3f0efae39a1fd8e42a)
2007-10-10r17468: To minimize the diff later on, pre-commit some changes ↵Volker Lendecke6-131/+125
independently: Change internal mapping.c functions to return NTSTATUS instead of BOOL. Volker (This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a)
2007-10-10r17465: Get rid of add_initial_entry. In the two places it was called in it ↵Volker Lendecke3-63/+40
seemed a bit pointless to me. Volker (This used to be commit 244b25ae49d3c635fc54498dbee29f5b649ea1fa)
2007-10-10r17464: Ensure we use a hash16 data type, not a string,Jeremy Allison1-3/+45
for storing offline hashes. Jeremy. (This used to be commit c8e6f7e41c9db436b34dd127d77940d7b43bf13b)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke10-121/+52
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r17462: Fix a cut&paste bug that caused us to return a null SID on some ↵Simo Sorce1-0/+6
error conditions (This used to be commit 954593bd41ff2475df5d37eae18be08ffa3002eb)
2007-10-10r17461: Ensure we never save a NULL SID mapping. || should be &&.Jeremy Allison1-1/+1
Found by Whitfield school. Jeremy. (This used to be commit f8584a475853bd8937fb0cf1b304c98f96fbd872)
2007-10-10r17460: First step at fixing the build breakage with the groupmapping test. ↵Volker Lendecke1-0/+1
On Linux, F_RDLCK is defined to 0, for example NetBSD has it at 1. Still does not work fully though. Still investigating. This might also be interesting to Samba4. Volker (This used to be commit a1c3774e01710ae0edc89e05f7781d2928ea9319)
2007-10-10r17459: As by Jerry's word commit this without his review.Simo Sorce6-50/+246
This patch add some missing async functions to solve UID/GID -> SID requests not just out of the cache, but down the remote idmap if necessary. This patch solves the problem of servers not showing users/groups names for allocated UID/GIDs when joined to a group of servers that share a prepopulated idmap backend. Also correctly resolve UID/GIDs to SIDs when looking ACLs from the windows security tab on teh same situation. Simo. (This used to be commit b8578bfab6a04fcd65a2e65f507067459e326077)
2007-10-10r17457: Add a test to do some operations on group mapping.Volker Lendecke7-171/+625
Volker (This used to be commit 68db058fdf508d5b4d38731ece21f5d92feca00c)
2007-10-10r17454: Adding dfs_EnumEx for rpcclient (Samba4 IDL to follow).Günther Deschner4-4/+136
Guenther (This used to be commit 8c1198c1592e7c07904b448ed7a54b9b23c941df)