summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-12-01s3:winbindd_cache: add debugging to get_nss_info_cached()Michael Adam1-0/+7
Michael
2008-12-01s3:winbindd/nss_info: add entry debug message to nss_get_info()Michael Adam1-0/+3
Michael
2008-12-01s3:winbindd/nss_info: add debugging to nss_init()Michael Adam1-0/+7
Michael
2008-12-01s3:winbindd/idmap_ad: add entry debug message to nss_ad_get_info()Michael Adam1-0/+3
Michael
2008-12-01s3:winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661)Michael Adam1-126/+221
This initial fix does at least work for explicitly configured domains. The patch has a few disadvantages: 1. It does work only for explicitly configured domains, not with the default backend (idmap backend = ad), since it relies on the domain name being passed in via the idmap_domain. One workaround for this would be to create clones of the default idmap_domain for domains not explicitly configured. 2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection. The problem here is that only the NetBIOS domain name (workgroup name) is passed in via the idmap_domain struct, and the module has to establish a connection to the domain based on that information. find_domain_from_name_noinit() has the disadvantage that it uses the state of the domain list at fork time (unless used from the main winbindd). But this should be ok as long as the primary domain was reachable at start time. For nss_info, the situation is similar - This will only work for domains explicitly configured in smb.conf as follows: "winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4" Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20) will fail since the domain name is not passed in with the nss_domain_entry. Michael
2008-12-01s3:winbindd/idmap_ad: refactor core of nss_{sfu|sfu20|rfc2307}_init to ↵Michael Adam1-34/+48
common function. Michael
2008-12-01s3:winbindd/idmap_ad: rename ctx to mem_ctx in nss_ad_get_info()Michael Adam1-8/+8
in preparation to using the idmap_ad_context there Michael
2008-12-01s3:winbindd/idmap: add diagnostic entry debug msg to ↵Michael Adam1-0/+3
idmap_backends_sid_to_unixid Michael
2008-12-01s3:winbindd/idmap: add diagnostic entry debug msg to ↵Michael Adam1-0/+4
idmap_backends_unixid_to_sid Michael
2008-12-01s3:winbindd/idmap: add diagnostic entry debug msg to idmap_find_domain().Michael Adam1-0/+3
Michael
2008-12-01s3:winbindd/idmap_util: unify entering debug messages and add ouput of domainMichael Adam1-4/+8
Michael
2008-12-01s3:winbindd/nss_info: change nss_map_{to|from}_alias to take nss_domain_entryMichael Adam6-22/+24
instead of just the domain name Michael
2008-11-30Set PRESENT flag when returning NULL [SD]ACL like Windows does.Steven Danneman1-1/+9
This could also be handled inside each ACL VFS module, by setting the PRESENT flag when a NULL [SD]ACL is created.
2008-11-30remove the explicit mem_ctx from ntlmssp_state, use the state itselfVolker Lendecke3-50/+45
2008-11-30fix nonempty blank linesVolker Lendecke2-30/+29
2008-11-30Do not build the session request if it si not used anywayVolker Lendecke1-4/+4
2008-11-30fix nonempty blank linesVolker Lendecke1-19/+19
2008-11-29s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze.Günther Deschner1-16/+29
Guenther
2008-11-29s3-libnetjoin: remove unused md4_trust_password, found by metze.Günther Deschner1-5/+0
Guenther
2008-11-28s4-smbtorture: add some more testcases to pwdlastset test.Günther Deschner1-30/+118
Guenther
2008-11-28s4-smbtorture: fix RPC-SAMR-PASSWORDS-PWDLASTSET with samba3 option.Günther Deschner1-1/+0
Guenther
2008-11-28s3-samr: add init_samr_user_info25 and init_samr_user_info26.Günther Deschner2-0/+118
Guenther
2008-11-28selftest: s4 does not have a pwdlastset implementation yet.Günther Deschner1-0/+1
Guenther
2008-11-28s4-smbtorture: allow to disable full testing of all possible opcode ↵Günther Deschner1-2/+19
combinations. Guenther
2008-11-28s4-smbtorture: move test to SAMR-PASSWORDS-PWDLASTSET.Günther Deschner2-5/+42
Guenther
2008-11-28s4-smbtorture: add test for samr password_expired flag while setting passwords.Günther Deschner1-1/+401
Guenther
2008-11-28s4-smbtorture: add test_SetUserPass_level_ex.Günther Deschner1-0/+131
Guenther
2008-11-28s4-smbtorture: add samr_rand_pass_silent.Günther Deschner1-1/+8
Guenther
2008-11-28s4-samr: fix samr passwdord_expired callers.Günther Deschner4-9/+11
Guenther
2008-11-28s3-samr: fix init_samr_user_info{23,24} callers.Günther Deschner5-14/+14
Guenther
2008-11-28s3-build: re-run make samba3-idl.Günther Deschner2-8/+8
Guenther
2008-11-28samr: fix samr_UserInfo24 and samr_UserInfo26.Günther Deschner1-2/+2
Guenther
2008-11-28Remove "conn" parameter from np_open, smb_request contains itVolker Lendecke4-6/+7
2008-11-28Remove inbuf references from the trans2ioctl codeVolker Lendecke1-4/+4
2008-11-28Consolidate the buffer checks for the reply_trans style functionsVolker Lendecke3-169/+54
This is the one where I found the problem that led to 3.2.5. So if there is one checkin in the last year that I would like others to review and *understand*, it is this one :-) Volker
2008-11-28Move cli_trans_oob to lib/util.cVolker Lendecke3-17/+24
Rename it to trans_oob, it will be used in the server routines.
2008-11-28Remove the variable "size" from reply_nttransVolker Lendecke1-10/+13
This converts the range checks for the setup[] array to rely on req->wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker
2008-11-28Remove the variable "size" from reply_transVolker Lendecke1-12/+16
This converts the range checks for the setup[] array to rely on req->wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker
2008-11-28Remove an unused variableVolker Lendecke1-2/+0
2008-11-28Remove two direct inbuf references from reply_sesssetup_and_X_spnego()Volker Lendecke1-2/+2
2008-11-27s3-samr: never allow to alter pwdlastset directly.Günther Deschner1-0/+16
Guenther
2008-11-27s3-samr: fix return code for invalid password sets in SetUserInfo.Günther Deschner1-4/+4
Guenther
2008-11-27s3-samr: fix return code for invalid name in _samr_LookupDomain.Günther Deschner1-0/+3
Guenther
2008-11-27s3-samr: avoid enumeration and user creation on builtin domain handle.Günther Deschner1-0/+10
Guenther
2008-11-27s3-samr: support samr_CreateUser as well.Günther Deschner1-10/+20
Guenther
2008-11-27s3-samr: support samr_QueryUserInfo2 as well.Günther Deschner1-10/+15
Guenther
2008-11-27s3-samr: add support for _samr_QueryUserInfo level 5.Günther Deschner1-0/+108
Guenther
2008-11-27s3-samr: add init_samr_user_info5.Günther Deschner2-0/+66
Guenther
2008-11-27s4-smbtorture: fix some build warnings.Günther Deschner1-3/+3
Guenther
2008-11-27Fix the offset checks in the trans routinesVolker Lendecke3-9/+9
This fixes a potential crash bug, a client can make us read memory we should not read. Luckily I got the disp checks right... Volker (cherry picked from commit 64a1d80851da5b05e70ec6c96f6e9bd473748369) (cherry picked from commit f04c5650a3aeca23591ddc781c4b297caaf9bb3f)