Age | Commit message (Collapse) | Author | Files | Lines |
|
AD DC
* Merge patches from SLES10 to make sure we talk to the correct
winbindd process when performing pam_auth (and pull the password policy info).
(This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
|
|
Comments from the patch:
/* Add the "Unix Group" SID for each gid to catch mapped groups
and their Unix equivalent. This is to solve the backwards
compatibility problem of 'valid users = +ntadmin' where
ntadmin has been paired with "Domain Admins" in the group
mapping table. Otherwise smb.conf would need to be changed
to 'valid user = "Domain Admins"'. --jerry */
(This used to be commit 3848199287c5829aef66d0dee38a79056fe1ff5c)
|
|
(This used to be commit dda0b8bce6b7e0146badd8aeb52b5cce6289de21)
|
|
Michael Adam/Volker, please check.
Guenther
(This used to be commit d0feb85781f69325ee70aff98370cfac037c4cc2)
|
|
value into an auto on the stack that gets removed when
we return from the frame :-).
Jeremy.
(This used to be commit 85bf8a16116e5eb9d4400e809531737d45890abb)
|
|
(I hate username level)
(This used to be commit 0939b6e20c6aef7a203c92fb0afa207c9fa779dd)
|
|
Michael Adam <ma@sernet.de>)
(This used to be commit 7b51e27d026f2511edcde054f0d2deb9932d2fe8)
|
|
when using smbpasswd
(This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
|
|
problems Kukks reported.
Jeremy.
(This used to be commit 426d722029b245e239f0ee39b6be249c59e1918c)
|
|
Jeremy.
----------
several replacement snprintf() fixes.
1) when running the testsuite, actually test against the system
sprintf(), not against ourselves (doh!)
2) fix the buffer termination to terminate buf2 as well
3) fix handling of %llu, and add a simple test
This fixes a bug with password expiry on solaris
----------
(This used to be commit 64fd96666f391101c41b7a564fd20ab2e93e3923)
|
|
FreeBSD. Change to sys_getpeerid(). Thanks to
vl for pointing this out.
Jeremy.
(This used to be commit dd0069cfcabb25dc7dc0d336696a5f2580abb5a1)
|
|
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
|
|
(This used to be commit 76ef8af881843685a5b14c9017cba32f6867bd28)
|
|
(This used to be commit 8dcc4e7dd6dd879f341b58fc04cb1308c0463862)
|
|
farm. If
we want to walk more printing code in the build farm I think doing that with a
customized printing backend is much easier than with a set of shell scripts.
Jerry, comments?
Volker
(This used to be commit 949cd6b992364d2bc60fd59051b6ac1c4cc4288c)
|
|
(This used to be commit d7246284e0117f7a97b3cbb80ff45b532559bf63)
|
|
Jeremy
(This used to be commit b711587f6e33bc5781b15da7bc49b31db4653073)
|
|
the nt hash directly in the winbindd cache, store a
salted version (MD5 of salt + nt_hash). This is what
we do in the LDAP password history code. We store
this salted cache entry under the same name as an old
entry (CRED/<sid>) but detect it on read by checking
if there are 17 bytes of data after the first stored
hash (1 byte len, 16 bytes hash). GD PLEASE CHECK.
Jeremy.
(This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
|
|
stored - only store the password if we're going to
be doing a krb5 refresh. GD please review this change !
Now to add code to reference count the cached creds
(to allow multiple pam_logon/pam_logoffs to keep the
creds around), ensure that the cred cache is called
on all successful pam_logons (if we have winbindd cache
pam credentials = true, set this by default) and finally
ensure the creds cache is changed on successful password
change. GD - you *really* need to review this :-).
Jeremy.
(This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
|
|
a copy of the plaintext password, only the NT and LM
hashes (all it needs). Fix smbencrypt to expose hash
verions of plaintext function. Andrew Bartlett, you
might want to look at this for gensec.
This should make it easier for winbindd to store
cached credentials without having to store plaintext
passwords in an NTLM-only environment (non krb5).
Jeremy.
(This used to be commit 629faa530f0422755823644f1c23bea74830912f)
|
|
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
|
|
Let's see what it breaks. For me it works :-)
Volker
(This used to be commit 337be14b432e5dfd80c7418b2db4fe0087259b77)
|
|
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 6e641c90b8f52a822a83701cdf305c60416d7f0c)
|
|
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
|
|
Jeremy, please check this!
Volker
(This used to be commit 8117a7b3bf3f273dd018c42864b3136dec47ec79)
|
|
Thanks to Michael Adam <ma@sernet.de>
hop, hop, hop... ;-)
Volker
(This used to be commit 47facab798bdc6e20b2620972f1b8f2338fac239)
|
|
net_ads_join.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 27cca861507afa9caf694ef89e543c86de01c2cd)
|
|
client smb signing to be correctly turned off.
Jeremy.
(This used to be commit 61f052b0a67b8a05b5d925bf8bbad73369ac03bd)
|
|
do_file_lock static to pdb_smbpasswd.c, the only user of it.
Volker
(This used to be commit 543f77a45f0a75ede48b0f2c674a0abdd386fed5)
|
|
(This used to be commit a347f8a9c480cf09abac9144e04ab2b13457e3b0)
|
|
(This used to be commit b7ec240880af0072ef20b2c0d688ef3cc386d484)
|
|
(This used to be commit de76217cfb9d20431189e838999a634e4de067a9)
|
|
Thanks to Michael Adam <ma@sernet.de>.
Volker
(This used to be commit ea3a4142a0f2140d8743a50518ae94df2d84d972)
|
|
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
|
|
Volker
(This used to be commit 990da03f0940371d20f89c145b7ebdbe8e9bf4c4)
|
|
(This used to be commit fd6e3f133b267a9506699d1c2934a153dd732df2)
|
|
(This used to be commit acf237b3cd1b546c2744447d977d36a8e3ed4d10)
|
|
Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
|
|
decrement a
tdb entry is not the most reliable way to count children correctly.
This increments the number of children after a fork and decrements it upon
SIGCLD. I'm keeping a list of children just for consistency checks, so that we
at least get a debug level 0 message if something goes wrong.
Volker
(This used to be commit eb45de167d24d07a218307ec5a48c0029ec097c6)
|
|
(This used to be commit 2a66abca02b5e95b66ab336f0d0e3977676d4540)
|
|
Thanks to Michael Adam <ma@sernet.de>.
Volker
(This used to be commit c4e10afadb39ff562287ab2294df0a1f83b28908)
|
|
Volker
(This used to be commit ea83001d3ed0b5da67cf367c17fdef662bc01681)
|
|
(This used to be commit 4199b5d2262e1e154f75f609fef20ed8e8c21cf2)
|
|
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
|
|
(This used to be commit 4a7b06860cd2907eb0e0deb466a613529121b8b7)
|
|
NO_LOGON_SERVERS if no domain controller was found.
Thanks to Michael Adam <ma@sernet.de>.
Volker
(This used to be commit d44599de3a61707a32851f37ddfb2425949622f8)
|
|
pointing them
out.
Volker
(This used to be commit 6bf5e7080a51c416d1d1466b1ca84c8f23a6bf2c)
|
|
bytes returned" is less than the amount we want
to send, return what we can and set STATUS_BUFFER_OVERFLOW
(doserror ERRDOS,ERRbufferoverflow). Required by
OS/2 to handle EA's that are too large. It's hard
to test this in Samba4 smbtorture as the max data
bytes returned is hard coded at 0xffff (as it is
in the Samba3 client libraries also). I used a
custom version of Samba4 smbtorture to test this
out. Might add a "max data bytes" param to make
this testable in the build farm. Confirmed by
"Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com>
and Andreas Taegener <atsamba11@eideltown.de>
that this fixes the issue.
Jeremy.
(This used to be commit ff2f1202b76991a404dae8df17c36f8135c8dc51)
|
|
inspired
by Christian M Ambach <CAMBACH1@de.ibm.com>.
Volker
(This used to be commit cf7c83d462dc766fa6f48728d0a4e8d534cc2bd4)
|
|
(This used to be commit 0f483cf66c203d8590998b83cbeeb236ba06ab63)
|