summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-08-27Fix the wcache_invalidate_samlogon calls.Jeremy Allison3-4/+25
Jeremy. (This used to be commit 7c820899ed1364fdaeb7b49e8ddd839e67397ec0)
2008-08-27Correct the netsamlogon_clear_cached_user function.Ephi Dror1-36/+18
(This used to be commit bb13312d9d53b1e048b3a0bfeeca088f9db84cd3)
2008-08-27Add st_birthtime and friends for accurate create times on systems that ↵Jeremy Allison4-14/+124
support it (*BSD and MacOSX). Should have done this ages ago, sorry. Jeremy. (This used to be commit 4c3a9558906f213948c3bdc081be73f8fed148cb)
2008-08-27mount.cifs: unclear error message with "credentials"Steve French1-2/+3
Thanks to Christophe Curis for the suggestion (This used to be commit 3b5ad9190d2ad6d2ca0a569194bdff9003bda13b)
2008-08-27Be explicit about setting perms for the ldb. Helps others who may use this api.Jeremy Allison1-0/+3
Jeremy. (This used to be commit f0ea0f3502037db878238942ee0729f6940e0b01)
2008-08-27ldb: Fix permissions of new ldg files.Karolin Seeger1-1/+1
This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789. Thanks to Steve Langasek <vorlon@debian.org> for reporting! Karolin (cherry picked from commit b666d0a4b597218f5f5020bf36d80d84dcbf7259) (This used to be commit 73f54df7fedc8f0db022f902100fd5eb1b629fb2)
2008-08-27ldb: Fix permissions of group_mapping.ldb.Andrew Tridgell1-1/+7
This one fixes bug #5715 and CVE-2008-3789. (cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97) (This used to be commit 2eaf4ed62220246bcc1a9702166b0b4f381fdae3)
2008-08-26Fix bug spotted by Simo - don't use legacy if expired entry.Jeremy Allison1-4/+4
Jeremy. (This used to be commit a7bbd33139c5835cf32efdbe0ef187117699e3e4)
2008-08-26Don't ask winbindd if we got a -ve cache entry.Jeremy Allison1-4/+38
Jeremy. (This used to be commit 91f85d0dcaa917b7a90a77852f3a778a0ad99c4d)
2008-08-26Fix the build :-(. Ask winbindd if we find a negative cache entry (or shouldJeremy Allison1-5/+17
we just call the legacy function ?). Jeremy. (This used to be commit 566d3b6e76afeca8e862cb36202a5283b86920e4)
2008-08-26Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid ↵Jeremy Allison1-33/+51
mappings. Jeremy. (This used to be commit 31ba955d6950420096b9141454aa95b2510a3d9a)
2008-08-26Increase the default positive idmap cache time to a weekVolker Lendecke2-2/+2
(This used to be commit 60af63675063ad62c0169b9f2094ecfdaa7ca16d)
2008-08-26Move idmap_cache.c from winbindd/ to lib/Volker Lendecke2-3/+2
(This used to be commit fe70dcc1b63b1969c13f7fb03ec374b6e5a376a1)
2008-08-26run make idl after idl change "Handle arbitrary new PAC types"Michael Adam2-16/+6
Michael (This used to be commit 5de253ba1308f470a47f9e5f83c6eccd17e95c26)
2008-08-26Handle arbitrary new PAC typesAndrew Tridgell1-1/+1
When MS introduces a new PAC type, we should just ignore it, not generate a parse error. New PAC info structures are supposed to be backwards compatible with old ones (This used to be commit 2971b926c835412b02c93ad1e30f1471bc0a3612)
2008-08-26EINVAL is also a valid error return, meaning "this filesystemAndrew Tridgell1-2/+3
cannot do sendfile for this file" (This used to be commit 737f664604b28f230be63bfc2f3d516fd9eb1c63)
2008-08-26become root for AIO operationsAndrew Tridgell1-1/+7
We need to become root for AIO read and write to allow the AIO thread to send a completion signal to the parent process when the IO completes (This used to be commit c548e5c69f9d8bc85a654f4d29d64c735a5e780b)
2008-08-26Avoid a race condition in glibc between AIO and setresuid().Andrew Tridgell1-11/+13
See this test: http://samba.org/~tridge/junkcode/aio_uid.c The problem is that setresuid() tries to be clever about threads, and tries to change the euid of any threads that are running. If a AIO read or write completes while this is going on then the signal from the thread where the IO completed is lost, as it gets -1/EPERM from rt_sigqueueinfo() The simplest fix is to try to use setreuid() instead of setresuid(), as setreuid() doesn't try to be clever. Unfortunately this also means we must use become_root()/unbecome_root() in the aio code. (This used to be commit 56c5a6f024875bb79b0104beb36f6b0ec1e1e9f9)
2008-08-26fixed an errno handling bug that could lead to an infinite loopAndrew Tridgell1-2/+2
(This used to be commit 5ccdc58ce91ee40ca7171dd040191291aeb7fe02)
2008-08-26fixed tsmsm_sendfile(). The logic was totally broken.Andrew Tridgell1-4/+7
(This used to be commit 794e48b809036871287df8416a2c669b7e26f216)
2008-08-26build: make sure to create CODEPAGEDIR and MODULESDIR.Günther Deschner1-1/+1
Guenther (This used to be commit d31683cdc877b468e7443216ab9e6edff844c131)
2008-08-25Fix bug 4516, no IPv6 on Solaris 2.6.David Leonard1-3/+22
(This used to be commit b5d0f751e4bf19c2ad306ebb3baeb5e9e83e49ee)
2008-08-25winbindd: use set_auth_errors() in winbindd_dual_check_machine_acct as well.Günther Deschner1-4/+1
Guenther (This used to be commit bb9c59e892cc9d3047bde89a15cc341e2bd21bc5)
2008-08-25winbindd: move set_auth_errors to util functions.Günther Deschner3-12/+13
Guenther (This used to be commit ae3fa60c4546c7420722d8f422c22bbfd623ff5b)
2008-08-25winbindd: only create machine pwd change event when in primary domain child.Günther Deschner1-1/+1
Guenther (This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e)
2008-08-25auth: Fix build warning.Günther Deschner1-2/+3
Guenther (This used to be commit 4661ef625a6522d6f859b83e3e3702f01d0b952f)
2008-08-24Fix some nonempty blank linesVolker Lendecke1-11/+11
(This used to be commit 010c7101e59477f0d5f3bf11c17f474ec6f79cc1)
2008-08-24Fix some C++ warningsVolker Lendecke1-4/+6
(This used to be commit dd9e4e6db04acf20f6ef7705955358c7ca442bbd)
2008-08-23Revert "Protect against short read&x replies"Volker Lendecke1-4/+0
This reverts commit 4ed73cbbbeff4b554cc8d28252b756241396b3a1. ... how did this end up here?? Volker (This used to be commit 7dd9fd0956bd1c46105d1072c4774972933ab9ec)
2008-08-23Protect against short read&x repliesVolker Lendecke1-0/+4
(This used to be commit 4ed73cbbbeff4b554cc8d28252b756241396b3a1)
2008-08-23Fix some nonempty blank linesVolker Lendecke1-26/+26
(This used to be commit 541e088656773d2b3b56a5a8bdc8dea6c9edec86)
2008-08-23Use talloc_stackframe() in machine_password_change_handlerVolker Lendecke1-9/+5
(This used to be commit 79103000b13c95325534db749a0da638a3eb1807)
2008-08-23Fix a memleak in calculate_next_machine_pwd_changeVolker Lendecke1-2/+7
(This used to be commit 5314f06dcdf14ce5e038a03a3e4dfded227bd00c)
2008-08-23winbindd: add event based machine password change.Günther Deschner2-0/+120
Guenther (This used to be commit 15b72d44cbde0b8a375d8ed3d045c40ae97ec05a)
2008-08-22Don't re-initialize a token when we already have one. This fixes the build ↵Jeremy Allison2-10/+16
farm failures when winbindd connects as guest. This one took a *lot* of tracking down :-). Jeremy. (This used to be commit dca827791276906436452c650062164eb819dfe0)
2008-08-22idmap_gid_to_sid: Fix a cut-a-npaste error.Gerald (Jerry) Carter1-1/+1
The call was looking up a uid and not gid in the cache. (This used to be commit 25293ba1507f8f8fa7e33c302200184e980bb123)
2008-08-22winbindd: Fix crash in cm_connect_sam()Gerald (Jerry) Carter1-2/+7
Fix segv when talking to parent DC (joined to child domain). The root cause was (a) storing the parent domain in the cli_state struct caused the NTLMSSP pipe bind to fail which made us fallover to the schannel code path (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning NULL even though the function indicated success. (This used to be commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
2008-08-22cifs.upcall: bump SPNEGO msg version number and don't reject old versionsJeff Layton2-3/+3
When we added the ability for the kernel to send sec=mskrb5 to the upcall, we subtly broke old cifs.upcall versions that don't understand it. Bump the spnego message version to 2 to make this clear. Also, change cifs.upcall to not reject requests with a version that's lower than the current one, and to send the reply with the same version that the request sent. The idea is to try and keep cifs.upcall backward compatible with old kernels. Signed-off-by: Jeff Layton <jlayton@redhat.com> (This used to be commit b868463015dedc684eb13d12118a98ccca71250a)
2008-08-22manpages: Add documentation for new 'net rpc vampire' subcommands.Karolin Seeger1-0/+13
Karolin (This used to be commit 8d0a16d8034cd07037b3c7711867280d5fa5b2c8)
2008-08-22net: Add missing colon to unify usage messages.Karolin Seeger1-2/+2
Karolin (This used to be commit c7aef4b38bd2b152b316d8d76b45be4b73ca315f)
2008-08-22manpages: Add manpage for "init logon delayed hosts".Karolin Seeger1-0/+21
Karolin (This used to be commit a415244365e32ba18919042ec72b3a281d8c1b0a)
2008-08-22manpages: Add manpage for "init logon delay".Karolin Seeger1-0/+15
Karolin (This used to be commit fc5010e6d988939779bcb44e8a460b7b05e7ba9a)
2008-08-22loadparm: idmap backend is not depracated any longer.Karolin Seeger1-1/+1
Karolin (This used to be commit fcfab4703628e19902c140a7ad9531d4be0de01d)
2008-08-21cifs.upcall: fix build warningJeff Layton1-1/+2
Signed-off-by: Jeff Layton <jlayton@redhat.com> (This used to be commit aa3443492c58a7c109fe159e15d763dbafc66f2a)
2008-08-21cifs.upcall: enable building by default on linuxJeff Layton1-4/+19
When building on linux, default to building cifs.upcall. Throw a warning if ADS support is disabled or keyutils isn't installed. Signed-off-by: Jeff Layton <jlayton@redhat.com> (This used to be commit d8018d15f013b8d7be8618b75dac5112711193b7)
2008-08-21cifs.upcall: move default install location to EPREFIX/sbinJeff Layton1-4/+4
cifs.upcall links to libraries that live under /usr, so installing it in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead (i.e. /usr/sbin). Signed-off-by: Jeff Layton <jlayton@redhat.com> (This used to be commit 5c9a1b2c98cc712fc519225e62fba4e5088631a3)
2008-08-21cifs.upcall: handle MSKRB5 OID properlyJeff Layton1-5/+13
When the kernel sends the upcall a sec=mskrb5 parameter, that means the the MSKRB5 OID is preferred by the server. This patch fixes the upcall to use that OID in place of the "normal" krb5 OID when it gets a sec=mskrb5 parameter. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <smfrench@gmail.com> (This used to be commit 6287e13b34efeaa8fd94c7c6d99468350ce6172e)
2008-08-21mount.cifs: don't prompt for password on krb5 mountsJeff Layton1-1/+2
krb5 mounts require that the user already have a valid krb5 ticket. Since we can't currently use the password entered, don't prompt for it. Also, switch to using strncmp instead of strcmp here. Signed-off-by: Jeff Layton <jlayton@redhat.com> (This used to be commit c75791c34abebe23c6f6a5534b0358514ec4eabc)
2008-08-21Fix broken net rpc join message when DC can't be found. Ensure we pass in a ↵Jeremy Allison1-2/+3
domain name. Jeremy. (This used to be commit 33019fe2b5f521c143fc79edb915eca69b9ed98d)
2008-08-22rpc_server: make it a little more obvious what flags we send to a client.Günther Deschner1-1/+10
Guenther (This used to be commit f3791e03ab09cadb1f54e32e67f4dfb3cf42e708)