Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 30c9e3557bf4ca0b85e15bd7cc883391aec42f1f)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
is specified.
Michael
(This used to be commit b0f59f18bc8e95a98ee44fcc751f3af4e96d5924)
|
|
as this is always answered by the winbindd parent and will
most times return old sequence number values.
metze
(This used to be commit 9caf54c868e8c0109730860e772c9cc404e2f899)
|
|
metze
(This used to be commit 2a794db3c548330d477497aa66245845486d9888)
|
|
Guenther
(This used to be commit 429496a4ccb5c4f4eda11f1b522629889b972c71)
|
|
commit fb52f971986dd298abbcd9745ddf702820ce0184
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:50:26 2007 -0500
Check correct return type for pam_winbind_request_log() wnibind_upn_to_username
which is an int and not NSS_STATUS.
commit 7382edf6fc0fe555df89d5b2a94d12b35049b279
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:30:26 2007 -0500
Allow wbinfo -n to convert a UPN to a SID
commit 8266c0fe1ccf2141e5a983f3213356419e626dda
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 09:53:16 2007 -0500
Merge some of Guenther UPN work for pam_winbind.c (check the winbind separator
and better pam logging when converting a upn to a username).
commit 15156c17bc81dbcadf32757015c4e5158823bf3f
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 08:52:50 2007 -0500
Include Universal groups from the cached PAC/SamLogon info when
generating the list of domain group SIDs for a user's token.
commit 979053c0307b051954261d539445102c55f309c7
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Thu Aug 2 17:35:41 2007 -0500
merge upnlogon patch from my tree
(This used to be commit 98fb5bcd5702d5086bdf9b58105a67efb90950f4)
|
|
Merged from my Samba4 GSoC branch.
Volker, can you check if that's done the way you thought?
(This used to be commit f8560ea66ce522ff11d16f0e36e10853fe2639d7)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
where a
torture test would be much more appropriate). Fix #4408.
Guenther
(This used to be commit 7514a370cae9c6fdacffd2b885fd93cb1230ce96)
|
|
(This used to be commit 99b9570ebe5aa9f57db65a04cfc5835b382cb4dd)
|
|
(This used to be commit aa8f306fa545af653d8288919fa5a3b80f447bec)
|
|
allow detection of libbiconv if all others fail - need for FreeBSD
(This used to be commit 7acc9421b0643cb04bff1f1d98ecb899f9b09601)
|
|
against tdb corruption. Needs fleshing out
(and I forgot one record type) and needs helpful
suggestion from Volker to validate freelist,
but should give an idea of how this will look.
Jeremy.
(This used to be commit 8eb53f74e414483afde7b1e38ea2a3f56ae3ec66)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
info for our own domain.
Guenther
(This used to be commit ebd3c547e508e191d5e1b5bb001797666db7b269)
|
|
Guenther
(This used to be commit 3c9416c2bedeec7f075e94d45d08f37ae6dd41d1)
|
|
Volker
(This used to be commit c4cdb8086a3aa8a2e1f724e70616143adfea6e87)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
(This used to be commit 6704859950eb93d86906d4916cf6842d9a970d2f)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
* update output from mkversion.sh to include the SAMBA_VENDOR_PATCH
(This used to be commit 485f0370942880a71095da5096e414b28193b150)
|
|
lp_load() could not be called multiple times to modify parameter settings based
on reading from multiple configuration settings. Each time, it initialized all
of the settings back to their defaults before reading the specified
configuration file.
This patch adds a parameter to lp_load() specifying whether the settings should
be initialized. It does, however, still force the settings to be initialized
the first time, even if the request was to not initialize them. (Not doing so
could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
|
|
What I'd give for a global constructor...
Jeremy.
(This used to be commit c970d7d0a5ba225465dfb0980989b8817b17c643)
|
|
messages.
Guenther
(This used to be commit 3ca735f7ad5bee53cd778f13347d48a76008d6e4)
|
|
Needed for KDM/GDM login masks.
Guenther
(This used to be commit abf761c8bf5e8cd3b0aba66abd5fd896035ea1ac)
|
|
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
|
|
the request to winbindd (prevents the WB_RECURSE flags from accidentially getting set
(This used to be commit 8c63d6d8a7f50d9a101117338242a9c8b243b43f)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
(This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19)
|
|
naming of the require_membership_of parameter in pam_winbind and fix
the error code for 'you didn't specify a domain' in ntlm_auth.
Andrew Bartlett
(This used to be commit 4bf0b94011fe6bfbec5635e58cafbfe3dc898569)
|
|
and the wbinfo -a test tool.
If 'client ntlmv2 auth' is set, then we will send an NTLMv2, rather
than an NT/LM response to the server.
Andrew Bartlett
(This used to be commit ce2456e436c5d57cd95cd10c6edf759592d0e843)
|
|
belongs into winbind itself, not into wbinfo.
Volker
(This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
|
|
requested actually is of type asked for. I've come across more than one
installation where a group sid had ended up as a uid in idmap and vice
versa. This just closes one possible for this misconfiguration, people
are actually using wbinfo.
Volker
(This used to be commit acfbd34025c2fde3d6a3e582c120c2b9de8ed39b)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.
Volker
(This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
|
|
Volker
(This used to be commit c814f7c43db9700ec08a30c45521181c754df247)
|
|
should work as expected :-)
Fix wb_delgrpmember.
Volker
(This used to be commit 9fc0025d12d17b0c68956af481a836eebc32e675)
|
|
(This used to be commit 09a30014233f111fe978effb12ecb2f88b710cb5)
|
|
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
(This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
|
|
just use one function for both places.
Andrew Bartlett
(This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
|
|
(This used to be commit fac5e05ca1b56cb6e3ab6537d0848fa373c00831)
|
|
understood by humans.
Andrew Bartlett
(This used to be commit 3d91b0a0060f18d49b2fdd9f93ef310e2ea7779d)
|
|
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.
Jerry: This is a change in behaviour, but I think it is necessary.
Volker
(This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
|
|
(This used to be commit 46b2fb4db5c7e273a9b43c59340a0a47ade5bd5e)
|