Age | Commit message (Collapse) | Author | Files | Lines |
|
Michael
(This used to be commit 46bfbf5c8af6c030e67219a29c49fd2d40003b18)
|
|
Jeremy.
(This used to be commit 2a700c5a57a417add3b1975b2c396d20c8a5f301)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
|
|
Michael
(This used to be commit da23684261f40c06dea30ab2df0c878ebb0d0d81)
|
|
Michael
(This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
|
|
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
|
|
(This used to be commit aec5f1512660953168a2c55b2890cd6c076b8a92)
|
|
Jeremy, please check
(This used to be commit 60500fac30911500eade7c2a9aa13569dcab0911)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
Jeremy.
(This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988)
|
|
Jeremy.
(This used to be commit 72c19d114b40ee307bbe45d9828667165a26d7a3)
|
|
Jeremy.
(This used to be commit f1680bada913af4eaf5c0d686983018d6c8b3e5f)
|
|
I have a plan for dealing with the remaining..... Watch
this space.
Jeremy.
(This used to be commit 963fc7685212689f02b3adcc05b4273ee5c382d4)
|
|
Jeremy.
(This used to be commit 95d01279a5def709d0a5d5ae7224d6286006d120)
|
|
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
in create_token_from_username(). This caused set_nt_acl to
partially fail in certain circumstances.
This is expected to bring an improvement to bug #4308.
Michael
(This used to be commit e68671b59500d7e1b645c80ee264c49893f8df84)
|
|
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
This triggered a "cannot access LDAP when not root"-bug with
"passdb backend = ldap" and "winbind nested groups = yes".
This *might* be a step towards fixing bug #4308, since the
failure was observerd when triggered by acl code.
Michael
(This used to be commit ba8c48244e140403b728d9a2ca297b40e8888964)
|
|
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
|
|
using the "lanman auth = no". Tested by Guenter Kukkukk.
(This used to be commit 611fdd95a583ebd22ffa17e2f39c5a1bb0936c63)
|
|
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba7346597425307e260e88647e49081f68)
|
|
sid_array_from_info3()
function.
Guenther
(This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Long overdue fix....
Jeremy.
(This used to be commit 073fdc5a58139796dbaa7ea9833dca5308f11282)
|
|
In make_server_info_pw() we assign a user SID in our
authoritative SAM, even though this may be from a
pure "Unix User" that doesn't exist in the SAM.
This causes lookups on "[in]valid users" to fail as they
will lookup this name as a "Unix User" SID to check against
the user token. Fix this by adding the "Unix User"\unix_username
SID to the sid array. The correct fix should probably be
changing the server_info->sam_account user SID to be a
S-1-22 Unix SID, but this might break old configs where
plaintext passwords were used with no SAM backend.
Jeremy
(This used to be commit 80d1da7e6cce451d3934751feaa6ad60a337e3db)
|
|
activation of global registry options in loadparm.c, mainly to
extract functionality from net_conf.c to be made availabel elsewhere
and to minimize linker dependencies.
In detail:
* move functions registry_push/pull_value from lib/util_reg.c to new file
lib/util_reg_api.c
* create a fake user token consisting of builtin administrators sid and
se_disk_operators privilege by hand instead of using get_root_nt_token()
to minimize linker deps for bin/net.
+ new function registry_create_admin_token() in new lib/util_reg_smbconf.c
+ move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
+ adapt net_conf.c and Makefile.in accordingly.
* split lib/profiles.c into two parts: new file lib/profiles_basic.c
takes all the low level mask manipulation and format conversion functions
(se_priv, privset, luid). the privs array is completely hidden from
profiles.c by adding some access-functions. some mask-functions are not
static anymore.
Generally, SID- and LUID-related stuff that has more dependencies
is kept in lib/profiles.c
* Move initialization of regdb from net_conf.c into a function
registry_init_regdb() in lib/util_reg_smbconf.c.
Michael
(This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e)
|
|
expire a password if it's explicitly set as ACB_PWNOTREQ.
Jeremy.
(This used to be commit 2ea5a6bd334e31201aa6f93f5c51e42924d36ebd)
|
|
(This used to be commit f1e8de4b576b3954d456cb64c02417908bab8da4)
|
|
(slightly truncated by me). Will be in 3.0.25a.
Jeremy.
(This used to be commit 039fb906af883a7ca1a68955f1b36b583fe1b698)
|
|
release yet .... ;-))
(This used to be commit f93b6353fe18e2c992a3dad96afd1a4c16032c55)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
pass_last_changed == 0 we now return "Change now!" instead of "Change
never"
(This used to be commit 450e4d94f64f86a3dd709265d15ed5082d4b53e8)
|
|
(This used to be commit 4ad9f8aa61cef94be8d38c6e91aac3a5c848f81f)
|
|
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
|
|
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
(This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
|
|
loop when allocating a new id for a SID:
auth_util.patch Revert create_local_token() to
the 3.0.24 codebase
idmap_type.patch Have the caller fillin the
id_map.xid.type field when
resolving a SID so that if we allocate
a new id, we know what type to use
winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls
from the public winbindd interface
for the 3.0.25 release
idmap_rid.patch Cleanup the idmap_rid backend to not
call back into winbindd to resolve
the SID in order to verify it's type.
(This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
|
|
this patch
is moving functions around to fix some linker dependencies for the registry.
Michael, I've renamed your auth_utils2.c to token_utils.c.
Thanks!
Volker
(This used to be commit 9de16f25c1c3e0b203da47391772ef2e2fe291ac)
|
|
- make sure never to free an uninitialised variable
- ensure to free result on getpwnam_alloc failure
Andrew Bartlett
(This used to be commit 5fe3328e66661371182cc1c3b6e239797c3b4f93)
|
|
talloc_free()'ed at the end of a session.
Rework the passwd cache code to use talloc_unlink and
talloc_reference, to more carefully manage the cache.
Andrew Bartlett
(This used to be commit e3e0ec25e67308de314aa61852905ee42aa2c8fe)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
metze
(This used to be commit f948005ca69c50b07fdbcf7801975676d19d1486)
|
|
We can talk about this later if you still feel that strongly
but I need to fix the build for now.
(This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
|
|
I am afraid I was basically off the net for the day
(This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
|
|
decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
|