Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit dd457588134971d839a431e004ef821cb46be671)
|
|
(This used to be commit ee63331256e12df239c6981e87f57e3bffb361d7)
|
|
(This used to be commit e599eba851db40816c684da2b7b1be4b978166e0)
|
|
split out privileges from rpc_lsa.h
(This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
|
|
(This used to be commit a4fc9c3b2dfbdbb3f75bf38415741ff66dbe1367)
|
|
(This used to be commit e9beb6cc95b83958af4fe4fce292f831304ae8a4)
|
|
creeping back in to the source. Use True and False instead.
(This used to be commit 5a5a7ce7479a56ca2d472658511a47c9147c0d5b)
|
|
This patch moves the ldap routines out of passdb into a generic
library and implements an LDAP backend for IDMAP. THe backend
can be enabled with "idmap backend = ldap" in smb.conf. THere
are also schema changes to make sure to update teh ldap schema files.
(This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
|
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
Mostly this consists of untangling the existing code and moving it in
to operating system specific files. The winbind client code for all
supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch]
to make things a bit clearer.
(This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
|
|
fixed getsmbpass replacement test
(This used to be commit ff43a292b9f8e0a39d19cb099913efd899de84fa)
|
|
which then changes SIGRTMIN. It is also possible for bash to leave
some real time signals blocked at startup. This fixes both problems.
(This used to be commit 8d45bf644aecb6993c2a82b86a4527b33029ed8f)
|
|
some warnings)
(This used to be commit d453b656e56a9b836b76f1cdce8de65d7bc4eb6c)
|
|
This patch enables the compile-time checking of strings assable by means of
sizeof(). (Original code had the configure check reversed).
This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives. There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).
Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).
This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache. When jeremy fixes that, we should be able to get back to testing
this stuff.
This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack. This is printed at
smb_panic() time. (Original idea and patch by metze).
It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.
For now, this patch gives us some confidence on one class of trivial parsing
error in our code.
Andrew Bartlett
(This used to be commit 31f4827acc2a2f00399a5528fc83a0dae5cebaf4)
|
|
etc. So check for that as well as the old names when including macros
and conditionally defining -DVALGRIND.
(This used to be commit c9151c7b1113e2f01bd33d4dd301a2e7e2040b35)
|
|
recent Valgrind relases and clashing with -DVALGRIND.
(This used to be commit 98479f1315cf8968152e1566966ac57e171008c3)
|
|
(This used to be commit 71c8e90117f00f168416f2f35a1c25755e2d0ed4)
|
|
(This used to be commit 65ba78c6bd4c5ab7ec9bf4d15e4410482e82588d)
|
|
genparser works fine, and it is a marvelous tool to store objects in tdb :)
(This used to be commit 4c6d461a8572f03cd33cba95500cc837638b732c)
|
|
Andrew Bartlett
(This used to be commit 32fd0c49009e38022523cc5c14567dd55de08206)
|
|
(This used to be commit 762b072efb0d6801775a874494cb19ea3d61fa97)
|
|
what I use in Midgard for past few years, modified for Samba needs.
(This used to be commit 747d2d70a9eb4d9222d7b63e5fcec269eda76672)
|
|
(According to the manpages, you cannot put a stack variable into putenv()).
Yes, this leaks memory.
Andrew Bartlett
(This used to be commit 50bced1e26434ecc7474964062746e2831e5f433)
|
|
sucked into proto.h?
(This used to be commit 7e84497882df5bf933ab7ae7fe9af3728393202c)
|
|
- Provide generic functions for
- get valid encryption types
- free encryption types
- Add encryption type parm to generic function create_kerberos_key_from_string()
- Try to merge the two versions (between HEAD and SAMBA_3_0) of kerberos_verify.c
I think this should work for both MIT and heimdal, in HEAD. If all goes smooth,
I'll move it over to 3.0 soon...
(This used to be commit 45e409fc8da9f26cf888e13d004392660d7c55d4)
|
|
Jeremy.
(This used to be commit 371f4aca9204f3c093af622ec6c9ea7c5145bf85)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 1684719695acb7168115b032fc1ec672509239ea)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 77aeb262ef7c7cd3d206afe2d5445caaca943dfd)
|
|
Jeremy.
(This used to be commit c3544c119e4cafb817479b4c5dfae178c3de000b)
|
|
detect for now, I still have vague hopes of hiding the differences
between MIT and Heimdal with a compatibility layer....
Jeremy.
(This used to be commit a776fbef3244ae82a17c57a7f62de115fd023c86)
|
|
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
|
|
compiler-based argument checking.
(This used to be commit 16fe928e68623a878b125910ff83df500a29d0ce)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
Check return in ldap.
Jeremy.
(This used to be commit e789edbb287319f52f49f2999917a610565144d9)
|
|
(This used to be commit 5320d54b901b92a3a8cdf9a407651713826c6c9f)
|
|
Jeremy.
(This used to be commit ff3a8d37289216a2cb808406044a7abef1e564d0)
|
|
Jeremy
(This used to be commit 185804ac945e717a5e3d3602e8118b35080f6251)
|
|
0x80000000 -> 0xFFFFFFFF would fail as they were being cast
from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types).
The sign extension would cause the offset to be treated as negative.
Thanks to Herb for helping me track this one down (IRIX is good for large
file tests :-).
Jeremy.
PS. That horrid EXEXIST thing has broken configure.....
(This used to be commit fc7d3faed798e7496f2991ec7d795c3b1a3758f5)
|
|
(This used to be commit 732bc4519f1119100607cc84400e8f84e0c0ba9d)
|
|
(This used to be commit 66ef6b942e00dc0d7742226f24861445d3bc0eb3)
|
|
(This used to be commit aa52351384abace54a89c9fbfa5e4c31a8464c91)
|
|
--with-ads=no or ./configure --without-ads Samba will build without
linking to the various kerberos libraries.
(This used to be commit edb6172abf0f07fead8ed3aaaebe0411d757aa64)
|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
#ifdef mess...) in readline.c, we don't need or use them in the rest of Samba.
(This OK was of course conditional on 'if you break it, you better fix it...')
Andrew Bartlett
(This used to be commit 55ee289f587f107fa03c5f889491fdaab101df2d)
|
|
syslog() since Paul Green's POSIX patch.
(This used to be commit d3b29b0b2d2ffd5c050900ff8cae441b91f95526)
|
|
in includes.h
Andrew Bartlett
(This used to be commit ed184ed1905b49956528b6835f48a69ba3c1a045)
|
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|
|
(This used to be commit 6395c34f2f981d59b761d8615851a8fd54c1c304)
|
|
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|