summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21893: Update comments so they actually reflect reality...Rafal Szczesniak1-3/+3
rafal (This used to be commit 8f313061a4cbc69d8dd17aa282d79d07a9275242)
2007-10-10r21892: Mini-Patch from MichaelVolker Lendecke1-2/+0
(This used to be commit 6cae3cf28155091a3951ecabd1c1b7e5c62d4c16)
2007-10-10r21891: Finish server-side NTLM-SPNEGO negotiation support.Jeremy Allison1-33/+75
Now for the client part, and testing. Jeremy. (This used to be commit 487706701f5f4a92c8fd1da1f29fb44491bac064)
2007-10-10r21888: Add the osname and osver options to 'net ads join' as discussedGerald Carter1-1/+94
on the samba-technical ml. I'll add a 'net ads set attribute=value' utility later rather than the original 'net ads setmachineupn' patch that was also posted to the tech ml. (This used to be commit 5035778ae4b3a5e445faa535c5caf00bc8d220d8)
2007-10-10r21887: Fix annoying bug where in a pam_close_session (or a pam_setcred with theGünther Deschner1-1/+29
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches. Make sure that only root can do this. Jerry, Jeremy, please check. Guenther (This used to be commit 947a59a849e9132631ec56b7ade09137e508d5d6)
2007-10-10r21885: Chown logic should be activated only if nfs4:chown=yesAlexander Bokovoy1-24/+26
(This used to be commit b10410634f6dac532a867be5506cf79886833828)
2007-10-10r21884: * Blacklist BUILTIN and MACHINE domains from theGerald Carter2-18/+31
idmap domains as these should only be handled by the winbindd_passdb.c backend * Allow the alloc init to fail for backwards compatible configurations like idmap backend = ad idmap uid = 1000-100000 .... * Remove the deprecated flags from idmap backend, et. al. These are mutually exclusive with the new configuration options (idmap domains). Logging annoying messages about deprecated parameters is confusing. So we'll try this apprpach for now. (This used to be commit 5e30807b4e9c0211c9e2c02deee94543e8f0d855)
2007-10-10r21883: Try and fix the build by removing the prototypes forJeremy Allison2-2/+10
functions that take a gss context handle in includes.h Jeremy. (This used to be commit 638b03242d4a6b1df2477dad19240ed61a14a5a3)
2007-10-10r21882: The server part of the code has to use an AUTH_NTLMSSP struct,Jeremy Allison7-80/+327
not just an NTLMSSP - grr. This complicates the re-use of common client and server code but I think I've got it right. Not turned on of valgrinded yet, but you can see it start to take shape ! Jeremy. (This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
2007-10-10r21881: Make sure we are very specific when testing whether a backand can ↵James Peach2-2/+9
handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review? (This used to be commit 86a70adb6a2d277f235857451bbee7d530d15310)
2007-10-10r21880: Make client and server calls into encryption code symetrical,Jeremy Allison4-93/+224
depending on encryption context pointer. Jeremy. (This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
2007-10-10r21879: Move process_blocking_lock_queue to a timed event.Volker Lendecke2-52/+72
The idea is that we have blocking.c:brl_timeout as a timed event that is present whenever we do have a blocking lock pending. It fires brl_timeout_fn() which calls process_blocking_lock_queue(). Whenever we make changes to blocking_lock_queue, we trigger a recalc_brl_timeout() which sets a new brl_timout event if necessary. This makes the call to blocking_locks_timeout_ms() in setup_select_timeout() unnecessary, this is implicitly done in event_add_to_select_args() from the timed events. Volker (This used to be commit 7e31b8ce21de803ac1f8967967393341a3f44ac3)
2007-10-10r21878: Fix a bug with smbd serving a windows terminal server: If winbind ↵Volker Lendecke5-12/+49
decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker (This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
2007-10-10r21877: Missed one line.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 184571e4b0283fb1a62c441f10429006656052c8)
2007-10-10r21876: Start adding in the seal implementation - prototype codeJeremy Allison3-7/+198
for the server side enc. (doesn't break anything). I'll keep updating this until I've got NTLM seal working on both client and server, then add in the gss level seal. Jeremy. (This used to be commit 530ac29abf23e920baa549e7cec55199edd8bd74)
2007-10-10r21875: BUG 3275: Patch from Andy Polyakov <appro@fy.chalmers.se>Gerald Carter2-19/+14
Relax check for i386 header checks in the PE header of printer driver files. Thus allowing uploading of x64 print drivers from 64bit Windows clients. (This used to be commit 328807ec7b1ce6489d5443a93d1599f93af93933)
2007-10-10r21874: Fix missing notify function. Thanks to Thomas Bork <tombork@web.de>Jeremy Allison1-0/+26
for pointing this out ! Jeremy. (This used to be commit b69e18c7f167418ca364a85f1dac252f7b549e57)
2007-10-10r21873: This is winbindd_pam.c, not pam_winbind.c :-)Volker Lendecke1-1/+1
(This used to be commit e1fbfbe1c49d3ff1ca71a33e66fae1f2d48fb7a7)
2007-10-10r21872: Fix a debug messageVolker Lendecke1-1/+1
(This used to be commit fcec3d1c46affbf802fb411913c8cc59c02102fa)
2007-10-10r21871: Move deadtime processing into an idle event. While there, simplifyVolker Lendecke3-43/+45
conn_idle_all() a bit. Volker (This used to be commit 3fc00977a99932b226bdcbc43bbc0ede1bcec26f)
2007-10-10r21870: Move sending auth_server keepalives out of the main loop into an ↵Volker Lendecke4-53/+61
idle event. Volker (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
2007-10-10r21869: Move sending keepalives out of the main processing loop into idle event.Volker Lendecke3-14/+46
On the way, make lp_keepalive() a proper parameter. Volker (This used to be commit 9499fd9c803d030ce9827f8379c2e56d91bb786e)
2007-10-10r21868: Remove check_log_size from the central smbd processing loop. This ↵Volker Lendecke2-15/+5
can be done with a become_root/unbecome_root in debug.c. (This used to be commit 4632a0caaf251d9cc7b9d84cbd20362d37f0e4e0)
2007-10-10r21867: Simplify calling convention of timeout_processing. lp_deadtime is onlyVolker Lendecke2-11/+16
referenced in conn_idle_all(). (This used to be commit c0aaee6d36cf1fb873cfb9ab6ee52ff097a202a0)
2007-10-10r21866: Remove unused "lock spin count" parameterVolker Lendecke1-4/+0
(This used to be commit 52f2c89c0a462a69fe945401ac1a7341e2a6e4ca)
2007-10-10r21865: Add in the stubs for SMB transport encryption. Will fleshJeremy Allison7-8/+123
these out as I implement. Don't add to SAMBA_3_0_25, this is experimental code. NFSv4 you're now officially on notice... :-). Jeremy. (This used to be commit 5bfe638f2172e272741997100ee5ae8ff280494d)
2007-10-10r21864: Reformatting.Jeremy Allison1-92/+92
Jeremy. (This used to be commit f18e87ba6b6a3f4c16777cb5b6bf93a656800247)
2007-10-10r21863: Fix debug messages with incorrect function name.Jeremy Allison1-15/+15
Jeremy. (This used to be commit d432d81c8321a4444b970169a5c7c3c5709de8e5)
2007-10-10r21862: add the cups comment and location lookup to ↵Gerald Carter1-3/+10
get_a_printer_2_default() as well (This used to be commit 5b47c4e5c25550ad72f9e558bb50f237ba28f81e)
2007-10-10r21861: Pull the comment and location from CUPS if we don't have oneGerald Carter2-0/+148
when fetching a printer from ntprinters.tdb. Slightly modified from original version submitted on samba-technical ml by Andy Polyakov <appro@fy.chalmers.se> (This used to be commit e859e1fdcd13c55746a53b5de4a02a3278f41815)
2007-10-10r21860: Fixes for "winbind normalize names" functionality:Gerald Carter5-5/+15
* Fix getgroups() call called using a normalized name * Fix some more name mappings that could cause for example a user to be unable to unlock the screen as the username would not match in the PAM authenticate call. (This used to be commit 505fc669a1b2c36e1639924b9639c97988056d8d)
2007-10-10r21858: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit 663514e511982437c09d45334b8d435448347ed6)
2007-10-10r21857: Stop pretending to be Vista in the %a macro towards Samba clients.Günther Deschner1-1/+3
Guenther (This used to be commit f55e1a312e75dc72ea040a35a9c20ccf539c4ae4)
2007-10-10r21855: Fix a memleak in the krb5 locator and comment out gfree_all() which ↵Günther Deschner1-2/+4
doesn't make sense as long as it doesn't work as an lp_unload(). Guenther (This used to be commit 128ea9bebbb215e41d2f0576e1a73c6a362b7467)
2007-10-10r21854: Add gfree_interfaces() to gfree_all().Günther Deschner2-0/+13
Guenther (This used to be commit eb34ebd9e76061417200a286c2831394be04529b)
2007-10-10r21853: Fix a valgrind errorVolker Lendecke1-0/+5
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
2007-10-10r21851: Obvious typos...Volker Lendecke1-2/+2
(This used to be commit ff886436b739bbb5c00a67de970841205a3f447c)
2007-10-10r21850: After Jerry explained to me the HORRIBLE way in whichJeremy Allison1-5/+15
the MIT gss libraries *SUCK*, move the frees to the end of the function so MIT doesn't segfault..... Add a comment so that another engineer knows why I did this. Jeremy. (This used to be commit 1a2be06d4a1131952a97f94b05ae69b1dce4c300)
2007-10-10r21848: add a comment about gss_import_name() and when to free the krb5 ↵Gerald Carter1-1/+9
principal data (This used to be commit 54a114fa7569315a8ad391689ebf5d68ef4a62d4)
2007-10-10r21847: Fix memory leaks in error paths (and in main code path in one case...)Jeremy Allison2-5/+14
in sasl bind. Wonder why coverity didn't find these ? Jeremy. (This used to be commit 89bdd30e4b2bb9dbc2ab57c54be8c6d01cae5a26)
2007-10-10r21846: Try and fix the Darwin build which seems to have a strange krb5.Jeremy Allison1-0/+6
Jeremy. (This used to be commit 1e32b44bfcf7676b3a9f208054fa853e7066eafc)
2007-10-10r21845: Refactor the sessionsetupX code a little to allow usJeremy Allison6-73/+319
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to a client when there's clock skew. Will help people debug this. Prepare us for being able to return the correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED" error with associated krb5 clock skew error to allow clients to re-sync time with us when we're eventually able to be a KDC. Jeremy. (This used to be commit c426340fc79a6b446033433b8de599130adffe28)
2007-10-10r21840: mount.cifs compile on old libc missing bind mount #defineSteve French1-0/+4
Thanks to Thomas Jarosch for pointing this out. (This used to be commit bd9439cc7d80e172feab72229b553028e134de05)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke7-36/+6
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21825: add debug prefix timestamp to allow "short timestamps" to beHerb Lewis2-2/+12
added to debug messages (This used to be commit 4af2795e65f6bab156b300d720c7ea75c944bb87)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke7-6/+36
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r21822: Adding experimental krb5 lib locator plugin.Günther Deschner3-0/+399
This is a starting point and may get changed. Basically we need follow the exact same path to detect (K)DCs like other Samba tools/winbind do. In particular with regard to the server affinity cache and the site-awarness for DNS SRV lookups. To compile just call "make bin/smb_krb5_locator.so", copy to /usr/lib/plugin/krb5/ (Heimdal HEAD) or /usr/lib/krb5/plugins/libkrb5/ (MIT) and you should immediately be able to kinit to your AD domain without having your REALM with kdc or kpasswd directives defined in /etc/krb5.conf at all. Tested with todays Heimdal HEAD and MIT krb5 1.5. Guenther (This used to be commit 34ae610bd5b9fd1210f16beac07a1c5984144ca7)
2007-10-10r21819: Wrap all steps in secrets_store_machine_password into one singleVolker Lendecke1-12/+50
transaction. Succeed all or store nothing. Volker (This used to be commit 4efc7b45985e807532214959c1872cd6e7865ab8)
2007-10-10r21818: Remove some unused codeVolker Lendecke1-23/+0
(This used to be commit f88eab91c43570e4da7a4a6cd117e7b7ebf53331)
2007-10-10r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failureAndrew Tridgell1-1/+2
(This used to be commit 05bd5cb6eef2f0adacc98fd2c94356006358d3d6)