Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
_net_ads_join_dns_updates()
|
|
|
|
untangle assignment from check and log error code in message if failed.
|
|
block
If failed, print according error message and skip the attempt to do dns update.
|
|
update block
|
|
update block
log and cleanup accordingly if failed
|
|
error logging
only the dns update failed, not the join.
Also do proper memory cleanup
|
|
code block
by doing an early goto done upon error condition
|
|
|
|
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 31 16:59:29 CET 2012 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Jan 31 15:21:04 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 31 02:23:17 CET 2012 on sn-devel-104
|
|
|
|
Based on work by Matthias Scheler <tron@NetBSD.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jan 31 00:47:19 CET 2012 on sn-devel-104
|
|
authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.
The problem was reported by Jeff Venable (jvenable@juniper.net).
Patch from Andrew Bartlett (abartlett@samba.org).
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
|
|
name of a domain member
This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
|
|
This avoids casting to and from the struct auth_user_info_dc *user_info_dc
to to this, the
if (user_info_dc->info->authenticated)
is moved into auth_generate_session_info_wrapper(), which is the
function that gensec_security->auth_context->generate_session_info
points to.
Andrew Bartlett
|
|
|
|
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info. This will allow the
calling logic to be put in common.
Andrew Bartlett
|
|
We still use the tdb1 on-disk format, but we do so via the tdb2 library.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Mon Jan 30 08:02:43 CET 2012 on sn-devel-104
|
|
(For now, -1 is the default).
|
|
TDB2 version of commit b83672b36c1ea8c35833c40c3919b63809f16624.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Otherwise, when we switch everyone's scripts will break (including our
own tests!).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Minor changes from tdb/tools/tdbbackup.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now.
Similarly, tdb_errorstr() -> tdb_errorstr_compat().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
tdb2 complains if you specify a tdb1 hashsize, and you're not actually
trying to create a new database.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Auditing revealed one place still expecting a -1 return on failure:
tdb2 returns the (negative) errcode directly, so the portable way to
do this is to check for != 0.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 uses the same expansion logic as TDB1, which got factored out
recently. So update TDB2 to match.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from CCAN commit c438ec17d7b2efe76e56e5fc5ab88bd4a02735e8)
|
|
It's much harder to wrap a 64-bit tdb2 than a 32-bit tdb1, but we should still
take care against bugs.
Also, we should *not* cast the length to a size_t when comparing it to
the stat result, in case size_t is 32 bit.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from CCAN commit 6f7cb26e589cea081e71c59801eae87178967861)
|
|
There is no need to return the PAC signatures via the special-purpose
torture element. Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan 29 16:33:29 CET 2012 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
|
|
This includes encrypted reads and writes, both NTLM and kerberos.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jan 28 00:13:57 CET 2012 on sn-devel-104
|
|
With the posix extensions, we can read 16MB at a time, so we need to check
the full size of the packet, not the size rounded down to the old NBT
limit.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Make the backends that have ADS capability the only ones that can change the
SID and GUID in secrets.tdb at initialization time.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jan 27 19:42:17 CET 2012 on sn-devel-104
|
|
This is causing circular depdnendcies that bring libpdb in all code and this is
BAD.
This change 'protects' the sid and guid of the domain by adding a special key
that makes them effectively read only.
Limit this temporarily to the samba 4 build, once it gets some good testing the
samba4 ifdefs can be dropped.
fix pdb dependencies
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
The SMB1 negprot request already consumed the SMB2 sequence '0'.
This also happens for the SMB 2.02 case.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jan 27 12:55:01 CET 2012 on sn-devel-104
|
|
|
|
|
|
This fixes compilation issues on freebsd where system popt is installed
under /usr/local.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Jan 27 08:33:52 CET 2012 on sn-devel-104
|
|
talloc() based.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 27 03:43:21 CET 2012 on sn-devel-104
|
|
<ira@wakeful.net>.
Bug #8724 - Memory leak in parent smbd on connection.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 27 01:26:28 CET 2012 on sn-devel-104
|
|
This matches the auth_ntlmssp case and the smbd/sesssetup.c code.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
|
|
This matches the behavior of ads_verify_ticket().
Note that ads_verify_ticket() calls krb5_to_nt_status(), but
as a server it's likely to always returns NT_STATUS_UNSUCCESSFUL.
ads_verify_ticket() maps NT_STATUS_UNSUCCESSFUL to NT_STATUS_LOGON_FAILURE.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 26 10:48:36 CET 2012 on sn-devel-104
|
|
Found by a eagle-eyed user.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
|