Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit ef1782121bc4ebcdd2731fd6863209352f815dbe)
|
|
Jeremy.
(This used to be commit 7787815da498382a380230912e0573f41347d0d8)
|
|
Jeremy.
(This used to be commit b2ef052adad01c37f0fd4b9b82a16a9989d57082)
|
|
(This used to be commit 14499e64555481fdd5fa8ba656a4cba9a597a86b)
|
|
Apply metzes patch (hopefully) correctly this time
Volker
(This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
|
|
For some reason, explicitly setting the service type during the
tcon&X fixes this.
(This used to be commit 4dd81caeff96d2b7f08b4846a524f917a85407a4)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
|
|
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 09a3db0ffcbbe578788d3dd5ee7540d27cc7c09a)
|
|
directly anymore, but instead through the passdb
interface. So we can make them static.
Volker
(This used to be commit 99da1119a7a7fc0879e63f7e11cb4500419359e8)
|
|
This adds 'ldap delete dn' as the recommended parameter
for the 'ldap del only sam attr' functionality. So
we are compatiple to the current SuSE patches as well
as to TNG... ;-)
Volker
(This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
|
|
> Hi Volker,
>
> if 'displayName' is not available we should fallback to 'cn' for map->nt_name
> 'cn' is used as unix group name by nss_ldap.
>
> and if nt_name is not available we should fail (so does this patch)
Volker
(This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
|
|
(Decode all database names, and set only changes, not all info from the samsync
record).
Andrew Bartlett
(This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
|
|
(This used to be commit 8315b9c3119dde62aeb72ad5e20f63aee89abd0b)
|
|
krb5-config
(This used to be commit 70634d248e74395c05d9980b07d53a20327a30a8)
|
|
This repairs domain join with fully existing wks-account which I broke
with my last patch...
Volker
(This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
|
|
anymore, but instead look at what is currently stored in the
database. Then we explicitly delete the existing attribute and add the
new value if it is not NULL or "". This way we can handle appearing
and disappearing attributes quite nicely.
This currently breaks pdbedit -o, as this does not set the CHANGED
flag on the SAM_ACCOUNT.
Jelmer suggested that we set all the fields on CHANGED in
context_add_sam_account. This sounds not too unreasonable.
Volker
(This used to be commit a75015c9ce8246670ee7c7d73df585390696fe95)
|
|
Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
- connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
|
|
to the integer for SIVAL().
(This used to be commit 5e20868fadc4e01ea09639bc57c51d1eb687f78c)
|
|
(This used to be commit f16a70a405a702945ada42be638c3d17c59517c0)
|
|
Andrew Bartlett
(This used to be commit 6bf04c41ed88528345f6bb19d48f5909753a8322)
|
|
- pdb_guest (including change defaults)
- 'default' passdb actions (instead of 'not implemented' stubs in each module)
- net_rpc_samsync no longer assumes pdb_unix
Andrew Bartlett
(This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
|
|
'minimum password age' during a password SET.
Andrew Bartlett
(This used to be commit dd6516e2e87cbe6bcbc371756d99ebb3b5617c2b)
|
|
Jeremy.
(This used to be commit 331e621b580f997592892be0226fb452c67ae9e1)
|
|
Give volker a hand, and let domain joins with existing user accounts work
a bit better.
This just sets the minimum possible attributes - if we are 'upgrading' an
LDAP based user account, the attributes will be there anyway. This matches
NT pretty well to.
This also fixes some use of unitialised values in the desired_access checking.
(found by valgrind).
Andrew Bartlett
(This used to be commit 536e24ee5b83eaa77be81dd50e3e1a5010b5abf4)
|
|
(This used to be commit d59a7bea6b22a4c3e6cacd1a4c5ee95f42b13a26)
|
|
when sending(and vice versa when receiving).
(This used to be commit 5310447ec6e0df1c000e3ee14572f5b7fee31f28)
|
|
(This used to be commit 2e3710f67293b01084026549246d494103b2d536)
|
|
(This used to be commit 62d5a78b024898485f610b5d9db1a6d9a5c68c21)
|
|
(This used to be commit eccb6998111ce7a56bfd11578ccd7c09958f407e)
|
|
(This used to be commit 0308a0a11265050f53fc7e8e03f8e17b04adb45d)
|
|
(This used to be commit 68b4052281d22dace2ae9e48d022fa288c0a6425)
|
|
(This used to be commit f0ab1b6147bc0a0e028e67b598bfc0cb9944c8cc)
|
|
Apply the job returned limit across all requests for job queues.
Jeremy.
(This used to be commit bf795b684e608f82db822e0759e7b69afd451b65)
|
|
a void)
(This used to be commit 55681422e97ede0ff9446925c7678d6254b13878)
|
|
(This used to be commit 5078436d83f0fdc568d6687809c7c70dea5fd382)
|
|
(This used to be commit c5876f9f07bfff4e03f3a70136515c9daab20afd)
|
|
used to be commit 6f94672d3da070aae0b17f4dcdc6cd119b68d84c)
|
|
put a doc about it in dev-doc later today.
(This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
|
|
Volker
(This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
|
|
This patch is heavily based on a patch by SuSE. Thanks
to Guenther Deschner <gd@suse.de> for providing it.
Volker
(This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
|
|
Thanks to Guenther Deschner <gd@suse.de>
Volker
(This used to be commit 52250e42a99390deb58478305410b93b877aa015)
|
|
Thanks to Guenther Deschner <gd@suse.de>
Volker
(This used to be commit 70bf31e1b0850c257e893e8850b7d5c53ba5af48)
|
|
(This used to be commit 52c2b2418d3ba0d64dcaa2e1d0be3b240cd6c636)
|
|
(This used to be commit 65dbd07b3012b0de4d8db0bb01c1d77ae3dc0fa8)
|
|
(This used to be commit 3247b6be7a284c10c2885854a0da0501fb2f506e)
|
|
currently, should there be?
(This used to be commit 0038a31819ad13dcfaff381ab2bb9f9fef62c1e8)
|
|
(This used to be commit 051b33e98f94ad09b4d8816a88e78715e7dc2a5e)
|
|
(This used to be commit 41ea416adbc074f3a34b66c18ed63c7d44ea28fc)
|
|
(This used to be commit a4057885405a2dd5f78592f9a6da7f071b486fd0)
|