| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit 5d22ca00bcdf49dcb35468400ac8cc3c57808d0d)
|
|
This combined check has been replaced by is_dc_trusted_domain_situation()
which does not check for lp_allow_trusted_domains().
Michael
(This used to be commit 0a24c038b7bc6edef0021eb121a072cc7e8f9165)
|
|
cm_prepare_connection
when checking for a trusted domain situation.
This is how it was meant to be:
Otherwise, with a dc-trusted-domain situation but trusted domains disabled,
we would attempt to do a session setup and fail (wouldn't even get a trust
password).
Michael
(This used to be commit a5a51ca8e5971992d9b060d66201b808bd2b7a53)
|
|
Before fetching legacy password hash, check for trusted domain situation,
but also fail if trusted domain support is not enabled.
Michael
(This used to be commit aa1b8287f44f47f23bd4158112d0a132df04426c)
|
|
Michael
(This used to be commit 5f197c659e9c8a573ba5032c7f90c816df45770c)
|
|
(but trusted domain situation was found)
This completes the fix for bugs #5425 and #5451 by Steven Dannemann,
in that now no special cases are left uncovered.
Michael
(This used to be commit 0b26bcd3becb869319bca48bbf244c18b6e8e3dd)
|
|
This is like is_trusted_domain_situation() except that it does not
check for lp_allow_trusted_domains().
Michael
(This used to be commit a284c8843528972904d142b573f1170a08c97751)
|
|
Guenther
(This used to be commit 1e883c88cb667a1485de8e8bbaebb43542f43065)
|
|
Guenther
(This used to be commit d70376fc4faaf9a55337c57035e42afa6a007d1a)
|
|
Guenther
(This used to be commit d68dcc99c715f9fc1a39f280d76ba21a1fd24e88)
|
|
Guenther
(This used to be commit 0e77e71ec3bf6115fa2b6ea74502bdc02b037ab6)
|
|
Guenther
(This used to be commit 5611cf42530072bc244a7bed258d3ac959bd0b65)
|
|
Set the iServiceIndex to "-1" for starup with either config
backend (originally only for text backend). Otherwise,
process_registry_shares() will fail.
Currently, the only user of lp_load_with_registry_shares() is testparm.
Michael
(This used to be commit 5e2b925367241c41793b2eb7a628e9fc9f3ac8ff)
|
|
(This used to be commit 3b1dae7c31b881834ca4494c4434ae97a56ce6c7)
|
|
(This used to be commit 194ea682d9a5c12a0125fecc20349ca9cc3d3ea1)
|
|
Jelmer, would it be possible to make the rpc client functions take const
pointers for pure [in] arguments?
(This used to be commit d893b2ea13d2e64f1c13aa3984f77baa91a2c658)
|
|
(This used to be commit 2dbbd81677af9c470ee9370ca5414876d21c6b9b)
|
|
(This used to be commit 344d69f95e217d16213eaa6b53141af6ab459708)
|
|
This required to pass around the domain a bit
(This used to be commit 17b0db20d28d1b737c5e86b78106657e8ca5ce9c)
|
|
(This used to be commit f52d7c3faba4aa815d95883775f4859251406161)
|
|
(This used to be commit c1e115964b671802a4af5beab3ad3222ee17b9c0)
|
|
No need for this split any more.
Michael
(This used to be commit 534e87de2eed10db0c8fc5dd8ab7dd2621b09408)
|
|
Michael
(This used to be commit 14635b2684d9167fb59193cfd225925dd3baac3f)
|
|
Michael
(This used to be commit 3bb1c07890c01303e83a900c58651a990b19fc85)
|
|
Michael
(This used to be commit 73eb8b7386109c72b13f8d7b5ff5db9baaef280d)
|
|
cli_rpc_pipe_open() now uses tcp transport for drsuapi and named pipe
transport for all other pipes.
This finally allows rpcclient to call dscracknames on windows
(don't forget to call "seal" in advance).
Guenther
(This used to be commit b243a036026e79b8d3fb75bf7f7d59a27cb813af)
|
|
Guenther
(This used to be commit bd13c87bac54d4bbae7b3cd7c9dc991d143d4d89)
|
|
Guenther
(This used to be commit 92412648c3fc18ba0bfc56b76c6d3816f627628f)
|
|
This reverts commit b2421c81164da2a5ea4bb2391e4f2c410938db42.
(This used to be commit f853f3b0aceb7e8454f9f7de38237eecec4317fd)
|
|
Guenther
(This used to be commit b2421c81164da2a5ea4bb2391e4f2c410938db42)
|
|
Guenther
(This used to be commit 7c93190843e77764be4d0f6d4f0b93061c192c98)
|
|
Win2008 domain (merged from v3-0-test).
commit 8dc4e979776aae0ecaa74b51dc1eac78a7631405
Author: Steven Danneman <sdanneman@isilon.com>
Date: Wed May 7 13:34:26 2008 -0700
spnego SPN fix when contacting trusted domains
cli_session_setup_spnego() was not taking into consideration the situation
where we're connecting to a trusted domain, specifically one (like W2K8)
which doesn't return a SPN in the NegTokenInit.
This caused two problems:
1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we
were always using our default realm, not the realm of the domain we're
connecting to.
2) When falling back on NTLMSSP for authentication we were passing the name
of the domain we're connecting to for use in our credentials when we should be
passing our own workgroup name.
The fix for both was to split the single "domain" parameter into
"user_domain" and "dest_realm" parameters. We use the "user_domain"
parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN
if none was returned in the NegTokenInit2 packet. If no "dest_realm" is
provided we assume we're connecting to our own domain and use the credentials
cache to build the SPN.
Since we have a reasonable guess at the SPN, I removed the check that defaults
us directly to NTLM when negHint is empty.
(This used to be commit b78b14c88e8354aadf9ba7644bdb1c29245fe419)
|
|
looking up trust credentials in our tdb.
commit fd0ae47046d37ec8297396a2733209c4d999ea91
Author: Steven Danneman <sdanneman@isilon.com>
Date: Thu May 8 13:34:49 2008 -0700
Use machine account and machine password from our domain when
contacting trusted domains.
(This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
|
|
This should fix the build with non gnu make
metze
(cherry picked from commit 401a0c84fe5f60e57e95331805da6b53dd1d7c2e)
(This used to be commit 36ba31e39b28e5495b0aeb8638df3a10ce6c51e6)
|
|
metze
(cherry picked from commit b68916328e935e61840cb03560ebeeee15bb2c6f)
(This used to be commit 196d9017627220786d8b726dc0d02e16e96c4c05)
|
|
metze
(cherry picked from commit 04d465c622c614bec29f24793ae897a73bcb51f4)
(This used to be commit e7dcbf56aef836e1b4be70b21064f65338221b5a)
|
|
There's --enable-symbol-versioning=no to disable it.
metze
(cherry picked from commit cb5492978b6b157f529806afb2f5fc6202888129)
(This used to be commit a739652d94300881479262648592223536fc8eec)
|
|
metze
(cherry picked from commit 8e0fcd583a643a8f4240698efcbb177463534a82)
(This used to be commit 17ce13775423efffd8ddfb967e1e09b2f41849af)
|
|
metze
(cherry picked from commit ce9d8ea9818d91bd91f95149f3b0a7ed4f2dae3b)
(This used to be commit dc0a4f7dc502cb285bce9de2ef72a722f91c43b9)
|
|
metze
(cherry picked from commit efb23fdce72db48b4c149fb3dd4a6f4aa3eebbbe)
(This used to be commit 3bf5a047e3d478b3356df7aa5c4f4a9d0b763639)
|
|
(This used to be commit 6106d48a5c94e7c1f3a7234807e43aca0a51fa62)
|
|
Michael
(This used to be commit 5a99f59d7514edadbab081dc0c5c28a6ea26972a)
|
|
metze
(cherry picked from commit dc09e04d524dcc92a29da0864666fd4258a81b76)
(This used to be commit c3797d6a2cc2e4c5b0678dc92924c26b18bd2678)
|
|
as they are no longer needed now we have IDL marshalling.
Change the calculation of the 32-bit fileid we return
to a Windows client. We can't just use the generation
count as it starts at zero for every smbd - and this
command must enumerate all files open across all smbds.
We'd really like combination of process-id + dev + inode +
generation count to be unique, but as we can't fit that
into 32 bits just use 16 bits of pid + generation count.
Jeremy.
(This used to be commit 8b926d5a93d04b828990057ae6f1e090764305c1)
|
|
This reverts commit 1078b5c53ae9d6f9532eecebf9cf4a1712200b7e.
This message doesn't match the actual change.
(This used to be commit a65abb49cf8d291c7deb659912c0df34ec37da02)
|
|
Jeremy.
(This used to be commit 1078b5c53ae9d6f9532eecebf9cf4a1712200b7e)
|
|
Jeremy.
(This used to be commit 2281274480d8cf9e773874301dbbc7bf06346901)
|
|
the IDL is documented incorrectly in the MS-DOCS.
Username and path need to be reversed (yes I will
raise this with MS). Secondly, we need to check
access_mask for the permissions, not share_access
(share_access are the deny modes).
Jeremy.
(This used to be commit bdaad19f90e991aba2afccfa13afbbfe2ac7baaf)
|
|
Jeremy.
(This used to be commit 0bc18967aa7cb6f4debeaa48be81d0e48a7d9503)
|
|
Previously WINBINDD_LIST_GROUPS requests (ex: wbinfo -g) were handled by the
winbindd parent process in a sequential fashion. This patch, delegates the work
to the winbindd children so that the request is handled much faster in large
domain topologies, and doesn't block the parent from receiving new requests.
The core group enumeration and conversion that was handled in
winbindd_list_groups() has been moved into winbindd_dual_list_groups() to be
done by the child.
The parent winbindd_list_groups() simply calls each of the children
asynchronously.
listgroups_recv() aggregates the final group list that will be returned to the
client and tracks how many of the children have returned their lists.
The domain name of the child is passed back through the callbacks to be used in
debugging messages.
There are also several fixes to typos in various comments.
(This used to be commit 037b9689d9042a398cb91e4628a82fcdfa913c21)
|
