summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22799: Fix the build.Günther Deschner1-1/+1
Guenther (This used to be commit 6e911c442bf9b076f43f99576f9b588df2c39233)
2007-10-10r22798: Add the "apply group policy" access bit (as seen in type 0x05 ↵Günther Deschner2-1/+5
ALLOWED OBJECT ACEs). Guenther (This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
2007-10-10r22797: We are only interested in the DACL of the security descriptor, so ↵Günther Deschner5-23/+69
search with the SD_FLAGS control. Guenther (This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
2007-10-10r22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in ↵Günther Deschner3-2/+6
preparation of adding GPO security filtering for libgpo). Guenther (This used to be commit b376a39fbf42a6a541fd311418c4a980b9fd4b9e)
2007-10-10r22794: Add "debug_state" and "silent" to pam_winbind.conf template. Honor ↵Günther Deschner2-0/+8
the silent argument when parsing pam configuration file options. Guenther (This used to be commit 5b4a4df26f32fe1947a0c4fb741a4cb89e308f92)
2007-10-10r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "netVolker Lendecke2-64/+118
sam unmapunixgroup" (This used to be commit 55e2f35fad8bda3ff2c2ace5323ddeaee87d783e)
2007-10-10r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and changeVolker Lendecke5-58/+29
return values of some alias-releated pdb functions from BOOL to NTSTATUS Thanks :-) (This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
2007-10-10r22784: fixed change notify for delete on closeAndrew Tridgell1-0/+4
(This used to be commit 6f52435a72427a8264096ac14bad54020c9d852b)
2007-10-10r22779: Patch for not prompting for password on cifs mounts when "sec=none"Steve French1-10/+61
specified (This used to be commit 9af97d8ead85c05d08ee24727525894df5866630)
2007-10-10r22777: Fix for [Bug 4543] - POSIX ACL support on FreeBSD.Michael Adam2-0/+7
This adds vfs_posixacl to the list of static modules and makes use of HAVE_ACL_GET_PERM_NP. This is just a quick fix. FreeBSD acl support is still hardcoded in configure.in, but actually this could be detected in a unified test for freebsd, linux, *, as suggested in the bugreport. This has still to be checked and elaborated. Michael (This used to be commit af94654772f743f0c0b7809ff3f2ef019feb713a)
2007-10-10r22775: For the cluster code I've developed a wrapper around tdb to put ↵Volker Lendecke6-1/+755
different database backends in place dynamically. The main abstractions are db_context and db_record, it should be mainly self-describing, see include/dbwrap.h. You open the db just as you would open a tdb, this time with db_open(). If you want to fetch a record, just do the db->fetch() call, if you want to do operations on it, you need to get it with fetch_locked(). I added dbwrap_file.c (not heavily tested lately) as an example for what can be done with that abstraction, uses a file per key. So if anybody is willing to shape that up, we might have a chance on reiserfs again.... :-) This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and sessionid.tdb. It should work fine for the others as well, I just did not yet get around to convert them. If nobody loudly screams NO, then I will import the code that uses this soon. Volker (This used to be commit e9d7484ca246cfca4a1fd23be35edc2783136ebe)
2007-10-10r22773: - Clean up the the rest of the cruft from my earlier work on the ↵Derrell Lipman1-11/+1
readahead() missing declaration problem. (This used to be commit 44365130ce794e442f52ec7cf3fc51065f713c5f)
2007-10-10r22772: - Still working on the fact that readahead() is not declared (on at ↵Derrell Lipman4-13/+11
least one OS) but is available for linking. Instead of running configure tests with -Werror-implicit-function-declaration in developer mode (which may lead to different library functions being used in developer mode than when not in developer mode), add tests for whether readahead is declared. If not, provide a replacement declaration in lib/replace. (This used to be commit 7d05fa8b32b5b33e95fd9d552d2a45013b4803ec)
2007-10-10r22771: One liner fix for idmap_ldapSimo Sorce1-0/+1
Fixes the strange behavior we were seeing about idmap_ldap creating a new connection for each query. Jerry we need this in for 3.0.25 (This used to be commit 4fb3e0f65562059bd717ea28df701256e8fa9a77)
2007-10-10r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.Volker Lendecke3-29/+38
(This used to be commit 2c5b951eba509e826a29775db992aca474476484)
2007-10-10r22766: Merge from 3_0:Volker Lendecke3-38/+29
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines Add a "deletelocalgroup" subcommand to net sam. Thanks to Karolin Seeger <ks@sernet.de>. (This used to be commit fb6ac8a5b247a961963a9b6a95cd6608c5b53d09)
2007-10-10r22765: Fix from Alison Winters <alisonw@sgi.com> for missing returnJeremy Allison1-0/+1
in sendfilereadbraw. Jeremy. (This used to be commit b523e782b0f3a3899e5f448698fbecddd59f4369)
2007-10-10r22761: This introduces lib/conn_tdb.c with two main functions: ↵Volker Lendecke15-241/+210
connections_traverse and connections_forall. This centralizes all the routines that did individual tdb_open("connections.tdb") and direct tdb_traverse. Volker (This used to be commit e43e94cda1ad8876b3cb5d1129080b57fa6ec214)
2007-10-10r22759: sync lib/talloc with samba4Stefan Metzmacher8-16/+103
metze (This used to be commit 86c510e3198e03ed6efa61b27530bbb008f6802b)
2007-10-10r22755: Second half of r22754. As it stands now, string_replace expects aVolker Lendecke1-10/+8
pstring. Give it one, although I hate putting it in :-) Thanks to Tom Bork! :-) (This used to be commit f4ea3fd36543120fa7d712e6e650c704e4e23759)
2007-10-10r22754: When processing a string, ensure we don't write one pastJeremy Allison1-6/+15
the terminating NULL if we've already processed the null in iconv. Jerry, once I get confirmation from Thomas Bork this needs to be in 3.0.25 final. Tests fine with valgrind here. Jeremy. (This used to be commit 14b167ef6e0f2100bd9cdd05c4457e57e952fa5e)
2007-10-10r22751: Next step for the cluster merge: sessionid.tdb should contain a 'structVolker Lendecke6-25/+25
server_id' instead of a 'uint32 pid' (This used to be commit be7bac55c37676a8137c59a22dfb2e4c4821ac21)
2007-10-10r22747: Fix some C++ warningsVolker Lendecke8-19/+18
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
2007-10-10r22745: Add local groups to the --required-membership-sid test. This needsVolker Lendecke2-91/+64
merging to 3_0_26 once Michael's net conf changes have been merged. It depends on token_utils.c. (This used to be commit a99ab3a2ed44522054175f03b60e63fa05a0378a)
2007-10-10r22744: Fix a valgrind error. parse_domain_username does not necessarily fill inVolker Lendecke1-0/+3
the domain. (This used to be commit f4f0d7137758cc674876517590807cc3d634043d)
2007-10-10r22740: Move debug_*_user_token to token_utils.cVolker Lendecke2-47/+47
(This used to be commit 4ad9f8aa61cef94be8d38c6e91aac3a5c848f81f)
2007-10-10r22739: Make prototypes in include/util_tdb.h of some functions fromMichael Adam1-6/+6
lib/util_tdb.c exactly match the definitions. (There were some [u]int_32_t instead of [u]int32, which made a gcc 2.95 on an old AIX without system [u]int32[_t] types complain...) (This used to be commit 7cae0d61170485eb220f546899dfa78f1805a272)
2007-10-10r22738: Fix a debug message.Volker Lendecke1-1/+2
Günther, please check this! Thanks, Volker (This used to be commit 8a038b8cd3f43bb8743eda160b852efdbc80ed70)
2007-10-10r22737: Fix crash bug (info3 is now talloced).Günther Deschner1-1/+1
Guenther (This used to be commit 08a7ee8d968b493a17fd669f3dc6fed7abe3d36e)
2007-10-10r22736: Start to merge the low-hanging fruit from the now 7000-line cluster ↵Volker Lendecke37-160/+149
patch. This changes "struct process_id" to "struct server_id", keeping both is just too much hassle. No functional change (I hope ;-)) Volker (This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
2007-10-10r22732: - Testing of libsmbclient against Vista revealed what is likely a bug inDerrell Lipman3-1/+20
Vista. Vista provides a plethora of kludges to simulate older versions of Windows. The kludges are in the form of shortcuts (or more likely symbolic links, but I don't know enough about Vista to determine that definitively) and in most cases, attempts to access them get back an "access denied" error. On one particular folder, however, "<share>/Users/All Users", it returns an unknown (to ethereal and the Samba3 code) NT status code: 0x8000002d. Although this code does not have a high byte of 0xc0 indicating that it is an error, it appears to be an alternate form of "access denied". Without this patch, libsmbclient times out on an attempt to enumerate that folder rather than returning an error to the caller. This patch corrects that problem. (This used to be commit cc0cd3a12f76b8cd711e3165d4cfe920552f256d)
2007-10-10r22731: - Fix bug #4594.Derrell Lipman10-102/+141
configure.in determines if -Werror-implicit-function-declaration is available, and if so it enables that flag if --enable-developer is specified. Since the configure tests themselves did not use that flag, it was possible for a configure test to succeed, followed by a failed compilation due to a facility being available but not having a proper declaration in a header file. (This bit me with readahead().) This patch ensures that if implicit function declarations will kill the build, the feature being tested is deselected so the build will succeed. The autoconf manual suggests using return instead of exit in configure tests because the declaration for exit is often missing. We require this now, since we error if prototypes are missing. See section 5.5.1 of http://www.gnu.org/software/autoconf/manual/autoconf.html. This patch makes these changes, because in fact, an external declaration for exit is missing here (and likely elsewhere). I've verified that the features selected (here) with the original configure.in and the new one are the same except for, in my case, readahead. I've also confirmed that the generated Makefile is identical. These changes are not being applied to the 3.0.26 branch because it does not exhibit the initial problem this patch is supposed to solve since it doesn't attempt to use -Werror-implicit-function-declaration. (This used to be commit 4d42720915b8f65842147171f689127e94d1b973)
2007-10-10r22730: Fix password changes via pam_winbindd when using "winbind normalize ↵Gerald Carter1-0/+2
names" and the username has been munged. Make sure to munge it back before performing the change_password() request. (This used to be commit ff025d451e165383ad7d524e0e8176d987554049)
2007-10-10r22729: add help text for osver and osname options to 'net ads join' (patch ↵Gerald Carter1-1/+6
from Dnailo A.) (This used to be commit 3f588e0b65433176f8f80312c1456836717cf6de)
2007-10-10r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:Gerald Carter2-9/+101
When asked to create a machine account in an OU as part of "net ads join" and the account already exists in another OU, simply move the machine object to the requested OU. (This used to be commit 3004cc6e593e6659a618de66f659f579e71c07f7)
2007-10-10r22727: remove outdated comment about templatre shell and homedirGerald Carter1-3/+1
(This used to be commit e8f9bd655829f671e9ce395aa9b4b94ff4bab36a)
2007-10-10r22726: When performing an offline logon for a user in a trusted domain,Gerald Carter1-0/+8
take care not to expire the name2sid cache entry just because that child does not know that the primary domain is offline. (This used to be commit 0399f52a1cdbb1acf8d41afddf498529ff4923cf)
2007-10-10r22725: * Don't try to update the sequence_number when offlineGerald Carter1-3/+11
* Log the NTSTATUS when saving name/sid cache entry * Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c to inform the wcache manager that the group list should not be cached (needed for one-way trusts). (This used to be commit 693ab48408dbb775b57dcc5140e27ad9221852a1)
2007-10-10r22724: Call an nss_info backend's init() function if theGerald Carter1-3/+8
previous call was unsuccessful. needed for offline logons. (This used to be commit c3a8dc5d136e33b66849c38bfa910cd044cd521f)
2007-10-10r22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.Gerald Carter1-8/+26
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain is offline. (This used to be commit 30f9cc52bf8270652624c79691d147e05e476583)
2007-10-10r22719: Missed change for one-way trust support. Ignore password policyGerald Carter1-1/+5
settings from one trusted domain with no incoming trust path. Guenther, I think this is ok as we only need the pw policy to give feedback on upcoming expiration times. (This used to be commit c79ae57388d087496777129d6936cd51aab38d5b)
2007-10-10r22717: Add Everyone and AuthenticatedUsers to the user's tokenGerald Carter1-1/+10
for use by the require-membership-of pam_winbind option. (This used to be commit 11f81c5997a014cca9d98c474e7870ebb07c4642)
2007-10-10r22716: Clarify comment in winbindd_domain structureGerald Carter1-2/+2
(This used to be commit 32fd8558bd4531a745a04810a1cb6392dfab16a5)
2007-10-10r22715: When our primary domain does on or offline, make sure to send a msgGerald Carter2-23/+37
to the idmap child. Also remove the check for the global offline state in child_msg_offline() as this means we cannot mark domains offline due to network outages. (This used to be commit 1b99e8b521eae3e9fa775577de01116bb20fb8b3)
2007-10-10r22714: Prevent DNS lookup storms when the DNS servers are unreachable.Gerald Carter1-9/+40
Helps when transitioning from offline to online mode. Note that this is a quick hack and a better solution would be to start the DNS server's state between processes (similar to the namecache entries). (This used to be commit 4f05c6fe26f4abd7ca71eac339fee2ef5e254369)
2007-10-10r22713: Offline logon fixes for idmap manager:Gerald Carter3-60/+80
(a) Ignore the negative cache when the domain is offline (b) don't delete expired entries from the cache as these can be used when offline (same model as thw wcache entries) (c) Delay idmap backend initialization when offline as the backend routines will not be called until we go online anyways. This prevents idmap_init() from failing when a backend's init() function fails becuase of lack of network connectivity (This used to be commit 4086ef15b395f1a536fb669af2103a33ecc14de4)
2007-10-10r22712: Inform the user when logging in via pam_winbindGerald Carter4-0/+38
and the krb5 tkt cache could not be created due to clock skew. (This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
2007-10-10r22711: Fix a compile warnign in query_user(). Ensure that user_ridGerald Carter2-3/+2
is initialized. (This used to be commit ef0304268284df7166ecd1b17328076e7ce40de9)
2007-10-10r22710: Support one-way trusts.Gerald Carter8-20/+290
* Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absense of an incoming trust path) * Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain * "getent passwd" and "getent group" for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated. (This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
2007-10-10r22709: we can only use tschannel when commectcing to our primary (might ↵Gerald Carter1-1/+8
need some fixing here for a Samba DC) (This used to be commit 3d2123383d9dab6f0c8832e0f04238aa9a972c70)