summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-53/+44
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r15462: replace the use of OpenLDAP's ldap_domain2hostlist() forGerald Carter1-22/+29
locating AD DC's with out own DNS SRV queries. Testing on Linux and Solaris. (This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
2007-10-10r15243: Sorry for the breakage:Günther Deschner1-0/+9
* Fix the build without kerberos headers * Fix memleak in the krb5_address handling Guenther (This used to be commit 10e42117559d4bc6a34e41a94914bf6c65c3477f)
2007-10-10r15240: Correctly disallow unauthorized access when logging on with theGünther Deschner2-1/+99
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
2007-10-10r15227: Fix a valgrind error. We are marshalling here, not unmarshalling.Volker Lendecke1-2/+1
Jeremy, can you check this? This was part of your -O6 on 64bit sweep. Volker (This used to be commit 4fa5dbcc8dd1f150664e1241b22e3f048d816001)
2007-10-10r15216: Fix the build for machines without krb5. Oops, sorry.Jeremy Allison1-2/+2
Jeremy. (This used to be commit bea87e2df45c67cc75d91bd3ed1acc4c64a1c8ea)
2007-10-10r15210: Add wrapper functions smb_krb5_parse_name, smb_krb5_unparse_name,Jeremy Allison1-10/+83
smb_krb5_parse_name_norealm_conv that pull/push from unix charset to utf8 (which krb5 uses on the wire). This should fix issues when the unix charset is not compatible with or set to utf8. Jeremy. (This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)
2007-10-10r15162: Patch for bug #3668. Windows has a bug with LARGE_READXJeremy Allison2-4/+24
where if you ask for exactly 64k bytes it returns 0. Jeremy. (This used to be commit dcef65acb5bc08ea4b61ef490a518b7e668ff2ee)
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-4/+16
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r15028: Fix logic error checking valid args to POSIX lockJeremy Allison1-1/+1
call. Jeremy. (This used to be commit 44b0d856ae867d1c407507dcf7940dd39f4f963a)
2007-10-10r15018: Merge Volker's ipc/trans2/nttrans changes overJeremy Allison4-257/+124
into 3.0. Also merge the new POSIX lock code - this is not enabled unless -DDEVELOPER is defined. This doesn't yet map onto underlying system POSIX locks. Updates vfs to allow lock queries. Jeremy. (This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7)
2007-10-10r14664: r13868@cabra: derrell | 2006-03-22 17:04:30 -0500Derrell Lipman1-14/+89
Implement enhancement request 3505. Two additional features are added here. There is now a method of saving an opaque user data handle in the smbc_ context, and there is now a way to request that the context be passed to the authentication function. See examples/libsmbclient/testbrowse.c for an example of using these features. (This used to be commit 203b4911c16bd7e10198a6f0e63960f2813025ef)
2007-10-10r14645: No idea how this happened, fixing the build.Günther Deschner1-55/+0
Guenther (This used to be commit d45b9abb0ec7d943e9fb374d64385d6c540fffe2)
2007-10-10r14643: Merge dcerpc_errstr from Samba 4.Günther Deschner1-0/+110
Might need to rework prs_dcerpc_status(). Guenther (This used to be commit 38b18f428ba941f4d9a14fa2de45cb0cd793a754)
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner1-1/+1
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r14506: Remove remaining references to a KCM credential cache type.Günther Deschner1-1/+1
Guenther (This used to be commit aae8f8ae7a79d06c74151186f3c2470bdec5687d)
2007-10-10r14418: Try and fix Coverity #39 and #40 by making theJeremy Allison1-2/+10
implicit function contract explicit. Jeremy. (This used to be commit 6de5e9ae4628d384631db9b66e22d439a303b75c)
2007-10-10r14355: Try and fix Coverity #158 by making the pointerJeremy Allison1-6/+8
aliasing clearer. This isn't a bug but a code clarification. Jeremy. (This used to be commit 7ada96a1cfb1e928b7dfde101ca250b20024243f)
2007-10-10r14279: Fix coverity #86, 87, 88, 89:Jim McDonough1-10/+27
Free grp_sid and owner_sid before returning. Also, only allow one group or owner. (This used to be commit 1043e0d90ccb3493417f7bf05b70bdf5513bb1a3)
2007-10-10r14241: Fix Coverity bug # 146Volker Lendecke1-1/+3
(This used to be commit 97789ec8fc4ae2d31f6dd554d9979abce186eb30)
2007-10-10r14236: Fix Coverity bug # 90Volker Lendecke1-0/+1
(This used to be commit 019dff53f906a6eb7961a95089bff12361e31e57)
2007-10-10r14235: Fix Coverity bug # 91Volker Lendecke1-0/+12
(This used to be commit 26d471c02c6ddff15836a3c0d30f9e37f018b66d)
2007-10-10r14234: Fix Coverity bug # 93Volker Lendecke1-0/+1
(This used to be commit 8a8d9057d98b24710c98fa48df9d7f330a8ebdc0)
2007-10-10r14218: Fix Coverity Bug # 2Volker Lendecke1-5/+0
(This used to be commit 26377b63a3a3d2d5ed23bdbb5f22b70ec7d3fcad)
2007-10-10r14158: Fix coverity CID #147 -- do not dereference pointers before checking ↵Alexander Bokovoy1-2/+4
their existence (This used to be commit 6b52423033b2eccdfad1e91e9d59619664f570ac)
2007-10-10r14133: Fix Coverity bug # 140Volker Lendecke1-2/+2
(This used to be commit 5007f53eb54eddff3d13df929d78385d6b158057)
2007-10-10r14022: Fix Coverity bug # 92Volker Lendecke1-0/+1
(This used to be commit b824245c4e04353f0d3fd0ccf6bc5776a601daed)
2007-10-10r13991: Fix Coverity bug # 69Volker Lendecke1-0/+1
(This used to be commit 6dc79e6b12e221e9af85a1edf487b5fb5aae222b)
2007-10-10r13987: Fix Coverity bug # 74. This tool is good...Volker Lendecke1-0/+1
Thanks, Volker (This used to be commit 86f62484dd7db43e036d9edf29e459b8bd0e5fbe)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison6-51/+34
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13893: Fix for Coverity issue CID #164. The first one that I don'tJeremy Allison1-0/+2
think is a direct bug, but some code that needs clarification :-). Jeremy. (This used to be commit 61901a3f10de64a72b655d9aa884424a4fc88a44)
2007-10-10r13889: Fix resource leak on error path. Coverity bug CID #73.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 46e10980927f1dfa4a1995e778df880cf823cbdb)
2007-10-10r13763: r13223@cabra: derrell | 2006-02-28 20:48:23 -0500Derrell Lipman1-1/+5
Add the missing comment about needing to save the new share name. (This used to be commit bb3b15e631c8dae7aaea303be18e086d63ee16d6)
2007-10-10r13761: r13221@cabra: derrell | 2006-02-28 20:40:56 -0500Derrell Lipman1-0/+11
When only allowing one connection per server, the cache needs to track which share is currently connected, or we never know whether a tdis()/tcon() for the new share is required. (This used to be commit ad0a725ef5f68db442b3b217c5a852086eff9297)
2007-10-10r13676: have to return a value from a non-void functionGerald Carter1-1/+1
(This used to be commit 70e7c9de9dee9317164c0f96a44827ae8b959254)
2007-10-10r13671: fix return value in (void)fn()Gerald Carter1-1/+1
(This used to be commit 249dba0386833803805a742aa6697cc75566f05c)
2007-10-10r13669: Get rid of poor errno mapping table. Bounce through NTSTATUS instead.Jeremy Allison1-39/+6
DO NOT MERGE FOR 3.0.21c PLEASE. Jeremy. (This used to be commit 3de0d9af6925e3dc0328c02c2a30127ea5c82a83)
2007-10-10r13664: Fix the cli_error codes to always detect a socket error.Jeremy Allison1-39/+107
This code needs a tidyup and common code with libsmb/errormap.c merging. Should fix the winbindd crash Jerry found (I hope). Jeremy. (This used to be commit e81227d044fbe7c73c121e540ccafc7f6517c4ea)
2007-10-10r13614: First part of the bugfix for #3510 - net join failsJeremy Allison1-1/+7
against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy. (This used to be commit 7de1ee18619bf99c5db45692e085d0646e52378f)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter2-4/+4
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13553: Fix all our warnings at -O6 on an x86_64 box.Jeremy Allison2-5/+5
Jeremy. (This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
2007-10-10r13539: Add 128 bit creds processing client and server. Thanks to Andrew ↵Jeremy Allison1-9/+79
Bartlett's Samba4 code. Jeremy. (This used to be commit a2fb436fc5dd536cfe860be93f55f9cb58139a0e)
2007-10-10r13519: Fix the credentials chaining across netlogon pipe disconnects.Jeremy Allison1-6/+19
I mean it this time :-). Jeremy. (This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
2007-10-10r13502: Fix error messages for usershares when smbd is notJeremy Allison2-3/+14
running. More generic error return cleanup in libsmb/ needs doing (everything returning NTSTATUS not BOOL). Jeremy (This used to be commit 654bb9853b450c5d509d182f67ec26ac320fd590)
2007-10-10r13495: Derell, I'm removing that double setup_logging(), just a typo.Günther Deschner1-1/+0
Guenther (This used to be commit c0d91f9d19b33995237847389e4c37e086938b9e)
2007-10-10r13489: Fix #3496 from jason@ncac.gwu.edu. Variable set but never used.Jeremy Allison1-5/+5
Jeremy. (This used to be commit 4204794cc7c5e2671259652879c33f539d26958c)
2007-10-10r13477: Fix code before declarationVolker Lendecke1-1/+2
(This used to be commit c15f1d553f03ad1ed4e1d52b8e46c52202bc3a83)
2007-10-10r13473: Back port r13470, r13471, r13472 from Samba4. Thanks Andrew:Jeremy Allison2-29/+45
----------------------------------- Thanks to a report from VL: We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett ----------------------------------- With more 'try all options' testing, I found this 'simple' but in the NTLM2 signing code. Andrew Bartlett ----------------------------------- After Volker's advise, try every combination of parameters. This isn't every parameter on NTLMSSP, but it is most of the important ones. This showed up that we had the '128bit && LM_KEY' case messed up. This isn't supported, so we must look instead at the 56 bit flag. Andrew Bartlett ----------------------------------- We should now try retesting with NT4. This should be standalone enough to port into a SAMBA_3_0_RELEASE branch fix. Jeremy. (This used to be commit b9b8cd1752aeab049983c1a6038edf2231ec10a4)
2007-10-10r13407: Change the credentials code to be more like the Samba4 structure,Jeremy Allison2-62/+71
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we where assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
2007-10-10r13396: Add in userinfo26, re-enable userinfo25 - took the knowledgeJeremy Allison1-0/+19
from Samba4 on how to decode the 532 byte password buffers. Getting closer to passing samba4 RPC-SCHANNEL test. Jeremy. (This used to be commit 205db6968a26c43dec64c14d8053d8e66807086f)