summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner7-25/+40
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r14584: Really follow with roosbindir by defaulr the setting we use for sbindir.Lars Müller1-1/+1
(This used to be commit 1829d22720612b0e61cec7e66d7cba46c04160b9)
2007-10-10r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gidGerald Carter1-0/+59
(This used to be commit 3137fe5068e4b0c1724b92f49ca8e1d254324801)
2007-10-10r14579: Add REJECT_REASON_OTHER in the rpcclient chgpasswd3.Günther Deschner1-1/+2
Guenther (This used to be commit 9de3e9e6b26bebc580b771f9020fc7934e44d51c)
2007-10-10r14578: fix incorrect comment in fill_sam_account(). This function is ↵Gerald Carter1-4/+1
called from multiple places now (krb5, winbindd auth and domain_client_validate() (This used to be commit ddad66ec58d09f89105ceb822b7bea534dafd9e6)
2007-10-10r14577: BUG Fixes:Gerald Carter6-25/+215
* Add back in the import/export support to pdbedit * Fix segv in pam_smbpass * Cleanup some error paths in pdb_tdb and pdb_interface (This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)
2007-10-10r14576: Skip remaining keytab entries when we have a clear indication thatGünther Deschner1-1/+23
krb5_rd_req could decrypt the ticket but that ticket is just not valid at the moment (either not yet valid or already expired). (This also prevents an MIT kerberos related crash) Guenther (This used to be commit 8a0c1933d3f354a8aff67482b8c7d0d1083e0c8f)
2007-10-10r14574: Allow use of sendfile as long as the write cache has not been enabledJames Peach1-3/+4
on the particular file we are performing I/O on, irrespective of whether the write cache is globally enabled (This used to be commit 0809e2cb1dfff1cd0e8631b23b415cb2d8a67312)
2007-10-10r14559: Oplocks have changed, process_smb can be static againVolker Lendecke1-3/+2
(This used to be commit 19e9bc03f81d8d000b683cf5c5f478ba25ddeb0d)
2007-10-10r14530: removing unused 'winbind max idle children' parameterGerald Carter1-3/+0
(This used to be commit 0e789b7e43388b0e7155708981b4ab52ec6d3961)
2007-10-10r14522: sync socket_wrapper code with samba4Stefan Metzmacher1-64/+309
metze (This used to be commit 7cf4ad8899d2109ff30d3168fd5028f8548ec34f)
2007-10-10r14515: fix soname breakage caused by mad merge from trunk (missed replacing ↵Gerald Carter1-2/+2
a AC variable) (This used to be commit 7d92cff7a3327cc9da5a4723bd62e68e0402acb8)
2007-10-10r14514: Fixing last commit. Thanks Volker.Günther Deschner1-1/+1
Guenther (This used to be commit 345d2ab5d399a99f271148cf308271cb7fc2c0ca)
2007-10-10r14513: Fix winbindd_chauthtok: only fallback when the chgpasswd3 call is notGünther Deschner1-2/+5
supported. Is there a better way to check for the 0x1c010002 status code? Guenther (This used to be commit c7268dc9ac304e1b6dac80762087a57484906103)
2007-10-10r14512: Guenther, This code breaks winbind with MIT krb1.3.Gerald Carter1-2/+12
I'm disabling it for now until we have en effective means of dealing with the ticket request flags for users and computers. (This used to be commit 635f0c9c01c2e389ca916e9004e9ea064bf69cbb)
2007-10-10r14509: Attempt to fix the build on "sun1"Volker Lendecke1-1/+3
(This used to be commit 6704859950eb93d86906d4916cf6842d9a970d2f)
2007-10-10r14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAMEGünther Deschner1-1/+1
environment. Guenther (This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)
2007-10-10r14507: Re-disable accidentially re-enabled paranoia check. This should makeGünther Deschner1-1/+4
offline logons work again with NT4 and older Samba3 DCs. Guenther (This used to be commit 0892077fcec913ef76b017b5bfe058d20a322915)
2007-10-10r14506: Remove remaining references to a KCM credential cache type.Günther Deschner2-5/+1
Guenther (This used to be commit aae8f8ae7a79d06c74151186f3c2470bdec5687d)
2007-10-10r14505: Rename the timed_event to lockout_policy_event.Günther Deschner2-9/+9
Guenther (This used to be commit 3e607aa69ae2d43fb6ec170d03221a6b22d3f35d)
2007-10-10r14503: Fix principal in debug statement.Günther Deschner1-2/+1
Guenther (This used to be commit 7b1fcb75dadd5ff232d60f93206867cf13322f2e)
2007-10-10r14496: Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain passwordGünther Deschner3-5/+9
policies when requested. No panic, the flags is uint32 so we are not running out of WBFLAG bits. Guenther (This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)
2007-10-10r14495: Allow to play with the logon_param flag when testing samlogons.Günther Deschner1-22/+21
Guenther (This used to be commit 52d721b6384cf6f94e1ebb59d21bf09737a539b5)
2007-10-10r14493: There is no point in falling back to a samlogon when a krb5login hasGünther Deschner1-0/+17
failed with a clear error indication. This prevents the bad logon count beeing increased on the DC. Guenther (This used to be commit 5fdddffba5cf05ccac23a64fbe404a34e73fa73c)
2007-10-10r14489: Guard against coverity reversion. #181 is a false positiveJeremy Allison1-0/+2
but make the intent clearer. Jeremy. (This used to be commit 2703df7a8f26a315ae6ab53de8f7814fa66a1c54)
2007-10-10r14482: Fixes for spoolss code (after coverity fixes) when theGerald Carter1-15/+15
client sends a NULL RPC_BUFFER* (This used to be commit 69f816e9f885bdeb6e8c67222b6fdca76d9d1025)
2007-10-10r14480: Kill one boolean flag passed down :-)Volker Lendecke2-9/+7
(This used to be commit d9b85e3b287c24d2a3e2076da331fe06192b0eef)
2007-10-10r14475: patch from Oliver Schulze L. <oliver@samera.com.py> for BUG 3580. ↵Gerald Carter1-3/+7
Make RHEL makerpms.sh script more verbose and add some additional options to the rpmbuild process (This used to be commit 7d73973db1a9133d6165b52031f09257046a64f7)
2007-10-10r14474: Also flush the nscd caches before entering the main winbindd loop.Günther Deschner3-16/+25
Guenther (This used to be commit c81eb71834dc827db63c8adb3f816bbbe916473c)
2007-10-10r14468: Better fix to avoid winbind panic when we have an inproper configurationGünther Deschner2-4/+13
and want to just shutdown and exit. Guenther (This used to be commit 0aa6328ed6ba6d0d24169ffdff0099405c9bfb00)
2007-10-10r14467: Reverting 13660. This needs to be fixed differently.Günther Deschner2-12/+5
Guenther (This used to be commit 4157bfe9cfe79ff78e7e527a50058cf9103cab61)
2007-10-10r14462: Fix warning. ber_tag_t is an unsigned int forJeremy Allison1-1/+1
printing purposes. Jeremy. (This used to be commit 3c33eda430426e40e179799e7341db10c4b2e98e)
2007-10-10r14460: SMBexit closes by pid and vuid. Tested with smbtorture.Jeremy Allison2-4/+4
Jeremy. (This used to be commit 71e81580421225d5b35a25d46a7b6064a826685c)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter3-3/+49
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r14454: Janitor for tridge - same code exists in Samba3 and 4.Jeremy Allison1-1/+1
Jeremy. ----------------------------- fixed an hmac-md5 error for keys longer than 64 (using deallocated stack variable) (This used to be commit f3879dd6bbbb20524e138b9ba8a54f6464fee5eb)
2007-10-10r14452: Sorry. Need more coffee....Gerald Carter1-1/+1
* Fix sprintf() args when createing the group search filter. (This used to be commit 0b7549997a3739b2c1500e7838ebaaa249dbfaf4)
2007-10-10r14451: In order to get pdb_ldap searching for SID_NAME_ALIASGerald Carter2-43/+17
groups in the ${MACHINESID} and S_1-5-32 domains correctly, I had to add a substr search on sambaSID. * add substr matching rule to OpenLDAP schema (we need to update the other schema as will since this is a pretty important change). Sites will need to - install the new schema - add 'indea sambaSID sub' to slapd.conf - run slapindex * remove uses of SID_NAME_WKN_GRP in pdb_ldap.c (This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)
2007-10-10r14450: Fix more get_md4pw() breakage caused by missing "breaks"Gerald Carter1-0/+3
in the switch statement which matched the schannel type against the account type. (This used to be commit 57c705ea63381ed9ab09145b4f57a736931fa6ca)
2007-10-10r14449: fix the build (sorry everyone)Gerald Carter1-1/+2
(This used to be commit e49ca3af8c2522aee670e6b807d7b3df31be47f6)
2007-10-10r14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()Gerald Carter2-3/+10
* Fix inverted logic check for machine accounts in get_md4pw() (This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
2007-10-10r14443: rework get_md4pw() to ease debugging. The only functional change is thatGünther Deschner1-24/+69
we now check wheter the sec_channel_type matches the trust account type. Guenther (This used to be commit c35eb449375d53ffa0815897e7723c203be1f732)
2007-10-10r14432: Give in and grant BUILT\Administrators all privilegesGerald Carter2-2/+25
(This used to be commit b6170910604dba6533b727de8d7f0cc75256d14f)
2007-10-10r14428: Call fill_share_mode_entry with NO_OPLOCK instead of 0.James Peach1-3/+3
(This used to be commit a39cbaa699d111264c2c9dda49a6e4f42acd3fb8)
2007-10-10r14421: This does two thingsGerald Carter4-9/+86
* Automatically creates the BUILTIN\Users group similar to how BUILTIN\Administrators is done. This code does need to be cleaned up considerably. I'll continue to work on this. * The important fix is for getusergroups() when dealing with a local user and nested groups. Now I can run the following successfully: $ su - jerry -c groups users BUILTIN\users (This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)
2007-10-10r14418: Try and fix Coverity #39 and #40 by making theJeremy Allison1-2/+10
implicit function contract explicit. Jeremy. (This used to be commit 6de5e9ae4628d384631db9b66e22d439a303b75c)
2007-10-10r14416: Remove deadcode. Coverity #198.Jeremy Allison1-11/+1
Jeremy. (This used to be commit 7fc61f5a63c982cfd0fbe1838979ba7be8f69fca)
2007-10-10r14408: More on fix for coverity #36. The previous fix would cause us toJim McDonough1-0/+2
marshall a buffer based on an unknown size. Zero out the sec_desc buffer to prevent this. This is still not getting proper results for a registry security descriptor (everything gets ACCESS DENIED), but at least we aren't blowing out memory now... (This used to be commit cb370cc28ce361628df137c9aef02739aca062db)
2007-10-10r14406: Disable this call until we can sort out how thisJeremy Allison1-0/+6
should be done correctly. Fix coverity #37. Jeremy. (This used to be commit d241f74e06eac7b61e5b7e09c2b9a955ec560fec)
2007-10-10r14405: Fix the build when nscd_flush_cache is detectedJeremy Allison1-10/+12
(variable definition was missing). Jeremy. (This used to be commit 48594f0270502149069fc883096181a9730d76bf)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter14-131/+253
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)