Age | Commit message (Collapse) | Author | Files | Lines |
|
loop when allocating a new id for a SID:
auth_util.patch Revert create_local_token() to
the 3.0.24 codebase
idmap_type.patch Have the caller fillin the
id_map.xid.type field when
resolving a SID so that if we allocate
a new id, we know what type to use
winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls
from the public winbindd interface
for the 3.0.25 release
idmap_rid.patch Cleanup the idmap_rid backend to not
call back into winbindd to resolve
the SID in order to verify it's type.
(This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
|
|
this patch
is moving functions around to fix some linker dependencies for the registry.
Michael, I've renamed your auth_utils2.c to token_utils.c.
Thanks!
Volker
(This used to be commit 9de16f25c1c3e0b203da47391772ef2e2fe291ac)
|
|
- make sure never to free an uninitialised variable
- ensure to free result on getpwnam_alloc failure
Andrew Bartlett
(This used to be commit 5fe3328e66661371182cc1c3b6e239797c3b4f93)
|
|
talloc_free()'ed at the end of a session.
Rework the passwd cache code to use talloc_unlink and
talloc_reference, to more carefully manage the cache.
Andrew Bartlett
(This used to be commit e3e0ec25e67308de314aa61852905ee42aa2c8fe)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
metze
(This used to be commit f948005ca69c50b07fdbcf7801975676d19d1486)
|
|
We can talk about this later if you still feel that strongly
but I need to fix the build for now.
(This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
|
|
I am afraid I was basically off the net for the day
(This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
|
|
decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
|
|
idle event.
Volker
(This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
|
|
far, it
needs testing with other clients as well. I'm afraid I'm visiting a conference
tomorrow and saturday, so I'd be happy to get support in this.
Thanks,
Volker
(This used to be commit 2186e276a0f15457ee6b29ecf2d109d812628ff9)
|
|
Guenther
(This used to be commit 7edbb636f7caf43135f0320cc08ff18a34a80594)
|
|
is sending LMv2 make sure we test with the password
blob in the LM field as well as the NT field.
Jeremy.
(This used to be commit a6b55beae7ae0c70cf955d01f51f881f9f962910)
|
|
Vista sends the NTLMv2 blob by default in the tconX
packet. Make sure we save off the workgroup the user
was logged into on the client in the sessionsetupX
and re-use it for the NTLMv2 calc.
Jeremy.
(This used to be commit 45dcf62960c2815c4d8e0c5f4a2d0af24df83290)
|
|
so that
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
|
|
This change is needed to make it possible to not expire
caches in disconnected mode.
Jerry, please can you look at this and confirm it is ok?
Simo.
(This used to be commit 9e8715e4e15d9cede8f4aa9652642995392617e6)
|
|
get rid of previous prototype warnings
(This used to be commit 90265c83ff1c7f11672694ff005d8ecc5d4a867f)
|
|
send_smb failures should be clean exits. All times when we exit as
a matter of policy should also be clean exits.
(This used to be commit d6382092e72120a3c89ffe81975e8898d454bf06)
|
|
Add necessary fixes.
(This used to be commit 4a81ee9608d45f95eaaccc78a080e717cb7d4682)
|
|
Simo.
(This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
|
|
reported by James. Ensure that this function allocates
everything on the temporary context except the return
memory. Never call this with a null mem context, and
now use conn->mem_ctx instead in smbd/service.c.
Remove separate free functions for conn->ngroups
and conn->nt_user_token as they are now always
talloc'ed off the conn->mem_ctx. Future optimization
will be to remove conn->mem_ctx and make all objects
pointed to in the conn struct talloc'ed off conn itself.
Easy to free then :-).
Jeremy.
(This used to be commit f83b6de44f1058811ff94ac72a8a71bd8e49e4e8)
|
|
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
|
|
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de8c7b85c578d200c599475680c5339f)
|
|
It was missing for security=server/domain/ads
Simo.
(This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
|
|
(This used to be commit fb3983ae1fdd1935333ffee80bceb747228ac0f3)
|
|
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
|
|
(This used to be commit adfc82f0e6b12f8ccfe00f3ff49a089a4c936239)
|
|
(This used to be commit 157b2c0c262dc9b9ae2a8a3133479e66e6c8db07)
|
|
(This used to be commit 5c00b5497b7b2bb345429893d247cbb6bb0f4e20)
|
|
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.
metze
(This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
(This used to be commit 089b51e28cc5e3674e4edf5464c7a15673c5ec0f)
|
|
Destructors now take a pointer to the "real" destroyed object as an argument.
Volker
(This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)
|
|
Stanford checker.
Jeremy.
(This used to be commit 45d77ae12235e6b39cc30845d69ac3777d3eefd0)
|
|
username map.
(This used to be commit 0298a3466bc6c5e322db7dac386e4e5eef0e2702)
|
|
Comments from the patch:
/* Add the "Unix Group" SID for each gid to catch mapped groups
and their Unix equivalent. This is to solve the backwards
compatibility problem of 'valid users = +ntadmin' where
ntadmin has been paired with "Domain Admins" in the group
mapping table. Otherwise smb.conf would need to be changed
to 'valid user = "Domain Admins"'. --jerry */
(This used to be commit 3848199287c5829aef66d0dee38a79056fe1ff5c)
|
|
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
|
|
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
|
|
(This used to be commit fd6e3f133b267a9506699d1c2934a153dd732df2)
|
|
Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
|
|
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
|
|
(This used to be commit d12b08fc619f7b566ef5c4cc7294174e887014fe)
|
|
For guest connection they may well be zero.
This should fix up the buildfarm (fingers
crossed).
Jeremy.
(This used to be commit 16ebccbc5889c3b4c1a20bf3453bd523ddf6f5b0)
|
|
Let's look at the build farm now... :-).
Jeremy.
(This used to be commit 6d822b85676f033a1a2e422e2d5ac92aaf566aef)
|
|
netlogon code uses pdb_get_group_sid() which could
return a S-1-1-22 unix sid. Who knew.... :-(.
I'm going to test Volker's fix instead. Once
3.0.23b is out we *have* to rip out the pdb_set_group_sid()
code....
Jeremy.
(This used to be commit 65003e1b251b4762cef2b3cdcc895269f9319eb8)
|
|
please come in and fix it in a less ugly way once
you have some time. Thanks,
Jeremy.
(This used to be commit 79b1e668e2ce263c84ff8fafaafb3e57b06717ab)
|
|
users (username map) and failure to connect to a
share. Essentially, even on a standalone system
we were going into the create_token_from_username()
code (I think by mistake) if the username was mapped.
Fixes bug #3991.
Volker & Jerry - please go over this with a very careful eye
and let me know if this isn't correct (I think it is,
but this isn't my code and it's a dangerous area for
me to be playing in :-).
Jeremy
(This used to be commit 0b5b2b53ec6e4c25b5f6645451dfce4aa7ae8a61)
|
|
(This used to be commit 19d02690002a35cb6e0204db236d2b768e48c6d8)
|
|
If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.
Volker
(This used to be commit f6e3ee147ffde572532fb44b619dda01388d4a31)
|
|
Volker
(This used to be commit 7a629118ee6f468505172147724f7f532f0f4a4f)
|