summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke38-126/+135
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Use dom_sid_string for sid_string_tallocVolker Lendecke2-29/+17
Remove some code duplication, but introduce one more dependency on librpc/ndr. Easily turned around so that librpc/ndr depends on lib/util_sid if necessary (This used to be commit 3a0b1b2060facd5f1ac1461b23dd86c75cdd9458)
2007-12-15sid_string_static is no more :-)Volker Lendecke1-11/+8
We now have four ways to do sid_to_string: sid_to_string: Convert it into an existing fstring, when you have one sid_string_talloc: The obvious thing sid_string_tos: For the lazy, use only with care sid_string_dbg: The one to use in DEBUG statements (This used to be commit 7b8276aaa48852270c6b70b081c3f28e316a7a2c)
2007-12-15Replace sid_string_static with sid_to_stringVolker Lendecke13-37/+71
This adds 28 fstrings on the stack, but I think an fstring on the stack is still far better than a static one. (This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
2007-12-15Use sid_to_string directlyVolker Lendecke5-12/+9
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src)) (This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
2007-12-15Replace sid_string_static with sid_string_tosVolker Lendecke12-41/+44
In utils/ I was a bit lazy... (This used to be commit 60e830b0f4571bd5d9039f2edd199534f2a4c341)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke4-34/+41
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke54-349/+330
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Add sid_string_dbgVolker Lendecke1-0/+5
This makes use of the just added debug_ctx and will kill many sid_string_static() calls (This used to be commit 3e4148c280efe154c3f8d552731c8b29d6977507)
2007-12-15Add debug_ctx according to an idea by TridgeVolker Lendecke1-0/+14
Sorry, Jeremy, I think for debug messages this is just the right way to do it. (This used to be commit 6312016e2727c2b5b1a4964a98cfb9585d77cc8c)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke3-19/+22
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-15add sid_string_tallocVolker Lendecke1-2/+10
(This used to be commit 9e3ef0923d71cc06b8445be2625ebd8dfed1b42d)
2007-12-15Fix a segfaultVolker Lendecke1-2/+2
sid_to_string still expects a fstring (This used to be commit 1f352cdd1976ad36484e146165df585b88ec5527)
2007-12-14Fix for bug #5082 from Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek ↵Jeremy Allison1-1/+9
<vorlon@debian.org>. Recent versions of Linux-PAM support localization of user prompts, so Samba must use the C locale when invoking PAM (directly or via /usr/bin/passwd) to ensure that password chat values match the prompts in a locale-invariant fashion. Jeremy. (This used to be commit bc13e939546a5bcb78925a6b117e89fde20f6451)
2007-12-14selftest: reenable wbinfo tests and pass --configfile instead of -sStefan Metzmacher3-3/+3
metze (This used to be commit 56251f78524416435299e26fca405e77d0f42043)
2007-12-14wbinfo: use POPT_COMMON_CONFIGFILEStefan Metzmacher1-10/+12
We can't use POPT_COMMON_SAMBA as the -s option is already used by -s, --sid-to-name=SID. Also load the config file after processing the cmdline options metze (This used to be commit 33cbd6903e8b468a782fb5d6913eb82824d3b347)
2007-12-14add POPT_COMMON_CONFIGFILE which only provides --configfile (not -s)Stefan Metzmacher2-0/+8
metze (This used to be commit af3392cc20942158ac9e0a533799c5904ff23347)
2007-12-14selftest: disable wbinfo testsStefan Metzmacher1-1/+1
wbinfo needs to take --config-file to work... metze (This used to be commit a8a74fc88cb6f4be1efdc1afab9b91defcd015ae)
2007-12-14selftest: add a bunch of wbinfo based tests for winbinddStefan Metzmacher2-0/+49
metze (This used to be commit 88b6d2c0e83f515e2f83e5b4edc0728c434c7294)
2007-12-14selftest: move workgroup name into WORKGROUP envvarStefan Metzmacher1-2/+3
metze (This used to be commit 8ace8fa82c2ccd6fdb9ca076fb2d6fed203c8126)
2007-12-14Revert smbclient changes.Karolin Seeger1-5/+0
Patch broke option -p. Sorry for breaking the build! Karolin (This used to be commit 81dab4145ffaf21d5d2176b16b5989f4035dd791)
2007-12-14Make smbclient to display error message and usage in the case of invalid ↵Karolin Seeger1-0/+5
options. (This used to be commit 04131b26de08b3cea948ef89921c56561d69dd1d)
2007-12-14winbindd: move domain child specific stuff into its own fileStefan Metzmacher7-114/+133
metze (This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
2007-12-14Revert "Fix for bug #4801: Correctly implement lsa lookup levels for ↵Stefan Metzmacher2-60/+22
lookupnames." As it breaks all tests which try to join a new machine account. So more testing is needed... metze This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380. (This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
2007-12-14debug: fix crash bug when DEBUG() is used before setup_logging()Stefan Metzmacher1-0/+4
this was introduced by the pstring removal (1ea3ac80146b83c2522b69e7747c823366a2b47d) metze (This used to be commit a412e6c7c676a054acd9db371221a50078cfe1d9)
2007-12-13Move dns_sd.h include to fix the build.James Peach1-3/+4
(This used to be commit cf221a94bd8794add508a2b9305b8c0d40c3346a)
2007-12-13Merge branch 'v3-2-test' of git://git.samba.org/samba into v3-2-testJames Peach14-235/+384
(This used to be commit 0de2b3eb515f2da21ffd1ce54979bb1f8063024b)
2007-12-13Register the smb service with mDNS if mSDN is supported.Rishi Srivatsavai4-9/+268
If mDNS is supported, attempt to register the first port we are listening on for the _smb._tcp service. This provides more reliable service discovery than NetBIOS browsing. (This used to be commit 1e7241517d1f55d60af22570e0c9feb280e3fdb5)
2007-12-13We don't need to call endpwent if we never call getpwent.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 27078d1292e8588956ae78e4cddb1bcebbe84478)
2007-12-13Add a varient of Steve Langasek <vorlon@debian.org> patchJeremy Allison1-10/+59
for bug #4780. Cause user mounts to inherit uid= and gid= from the calling user when called as non-root, except when overridden on the commandline. Jeremy. (This used to be commit 7fad5f38ea86ef76dc8e0853926b3248230616be)
2007-12-13Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into ↵Jeremy Allison1-1/+1
v3-2-test (This used to be commit c9496e97cf91c5f29f19c123377f03f44d1a32f6)
2007-12-13Arg. The fix for CVE-2007-6015 hadn't been merged into 3.2.Jeremy Allison2-0/+12
Do so now.... Jeremy. (This used to be commit 6b1246c29a0241c8e4bb98d659d847d010826b36)
2007-12-13Fix typo in debug statement.Michael Adam1-1/+1
Michael (This used to be commit da23684261f40c06dea30ab2df0c878ebb0d0d81)
2007-12-13Fix codepagedir to follow predefined libdir when using FHS. Fixes x86_64 build.Alexander Bokovoy1-2/+2
(This used to be commit b8e582c9941d2466a403e476c52026f4b4201062)
2007-12-13Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-testAlexander Bokovoy8-214/+308
(This used to be commit 45636efa39cbcc2ecf7af4dfd1ac6a90f197ba01)
2007-12-13Fix pam_smbpass buildAlexander Bokovoy1-6/+2
(This used to be commit fbc510f1717fe82338262c18c252d18987c55b5c)
2007-12-13Add flags for correctly implementing lsa_lookup_name levels.Michael Adam1-1/+9
(Prepare fix for Bug #4801.) Michael (This used to be commit 537b12647e25adcb7da3581f18d2e9feca1caf0c)
2007-12-13Make cm_connect_sam() try harder to connect autheticated.Michael Adam1-9/+26
Even if the session setup was anonymous, try and collect trust creds with get_trust_creds() and use these before falling back to schannel. This is the first attempt to fix interdomain trusts. (get password policy and stuff) Michael (This used to be commit e180bbd45452435e981192028a0ad90078c04236)
2007-12-13Refactor out assembling of trust creds (pw, account name, principal).Michael Adam1-17/+38
Michael (This used to be commit 481f18b20d6d5ee12c62120a3559bb16cc98e465)
2007-12-13Streamline and fix logic of cm_prepare_connection().Michael Adam1-25/+37
Do not attempt to do a session setup when in a trusted domain situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT). Use get_trust_pw_clear to get machine trust account. Only call this when the results is really used. Use the proper domain and account name for session setup. Michael (This used to be commit 18c66a364e0ddc4960769871ca190944f7fe5c44)
2007-12-13Refactoring out get_schannel_session_key logic.Michael Adam1-53/+39
Refactor the actual retrieval of the session key through the established netlogon pipe out of get_schannel_session_key() and get_schannel_session_key_auth_ntlmssp() into a new function get_schannel_session_key_common(). (To avoid code duplication.) Michael (This used to be commit e77c4022cfbb868e608edcb06b676658b0e201ad)
2007-12-13Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.Michael Adam1-2/+1
Michael (This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam4-8/+10
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Export logic of get_trust_pw() to new function get_trust_pw_clear().Michael Adam1-16/+58
get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael (This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13Refactor the lagacy part of secrets_fetch_trust_account_password() outMichael Adam1-13/+31
into a new function secrets_fetch_trust_account_password_legacy() that does only try to obtain the hashed version of the machine password directly from secrets.tdb. Michael (This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam4-55/+28
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13Streamline logic in cm_connect_netlogon()Michael Adam1-5/+6
by retrieving trust password only, when it will be used. Michael (This used to be commit cdc60d8ae8c0ef804206b20b451e9557f97d4439)
2007-12-13In cm_prepare_connection(), only get auth user creds if we need to.Michael Adam1-2/+2
Michael (This used to be commit 164bfb25d7b5cfeffeb4d81958b7629a11ca5d5e)
2007-12-13Remove two unneeded functions.Michael Adam1-23/+0
secrets_store_trust_account_password() and trust_password_delete() are the write access functions to the SECRETS/$MACHINE.ACC/domain keys in secrets.tdb, the md4 hashed machine passwords. These are not used any more: Current code always writes the clear text password. Michael (This used to be commit 4788fe392427901f6b1c505e3a743136ac8a91ca)
2007-12-13Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam2-22/+60
This is a first patch aimed at fixing bug #4801. It is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)