Age | Commit message (Collapse) | Author | Files | Lines |
|
Based on the Samba4 solution - stores data in
$samba/private/schannel_store.tdb.
This tdb is not left open but open and closed on demand.
Jeremy.
(This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
|
|
Volker
(This used to be commit cf06a090a3fe6ed1f769aa9744637833bdc3b7d0)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
Volker to commit. Woo Hoo !
Jeremy.
(This used to be commit 316df944a456f150944761dab34add5e8c4ab699)
|
|
(This used to be commit 66471de977a56cbe58921f61da28cc7dcbc6e93e)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
Jeremy.
(This used to be commit 05b905a28f349a2741e0963e41ad624a8f0b9fb8)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
This should ensure that the value it returns is always consistant.
Andrew Bartlett
(This used to be commit a4392ede33019b7584bf6a2d8445adb5191e640f)
|
|
just use one function for both places.
Andrew Bartlett
(This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
|
|
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
|
|
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
|
|
(This used to be commit defc71d4cb9bb1efcb39157bad2806f73b3cc3f5)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
tdb_search_list_free.
Volker
(This used to be commit 0f3822c8e71426983b960ad49511efa8707159f9)
|
|
strings.
Running 'net cache list' or secrets_get_trusted_domains through
valgrind gives a *huge* amount of invalid reads of one byte beyond the
indicated string length in libc's strncpy. Annoying...
Volker
(This used to be commit 0f8933ae778064ff58cdc832ce52c843631435bb)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
Volker
(This used to be commit 2ec8d1ff88d3984a317a4a53ca3a299e8a68a9d7)
|
|
versions. Fixes bug #154.
(This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
|
|
leak fixes. (secrets.c portion)
Andrew Bartlett
(This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
Original message:
This patch attemptes to clean up winbindd's mutex locking.
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
|
|
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
|
|
Jeremy.
(This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
|
|
Andrew Bartlett
(This used to be commit 2a1adb8f81d8966e8919fffb9b4c69f3e6acd44f)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
server = DC1 *
(This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
|
|
- change auth_sam to use the initialisation flags to determine if
the password attributes are set
- add const to secrets.c, cliconnect.c
- passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd
- SAMR: add debugs to show what fails for group enum.
Andrew Bartlett
(This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
|
|
MAX_PRINT_JOBS in a queue.
Jeremy.
(This used to be commit 9fe3c0b90d4bff2217e3cb5a34b4683ca314c06e)
|
|
- Fix segfaults in the 'net ads' commands when no password is provided
- Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the
old options, but the actual code is available on all ldap systems.
- Fix shadow passwords (as per work with vl)
- Fix sending plaintext passwords to unicode servers (again vl)
- Add a bit of const to secrets.c functions
- Fix some spelling and grammer by vance.
- Document the -r option in smbgroupedit.
There are more changes in HEAD, I'm only merging the changes I've been involved
with.
Andrew Bartlett
(This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
names
(This used to be commit 4cb7b6954b96e6964743e65413e122f7b4d39052)
|
|
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
(This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
|
|
working.
(This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
you to join a 2nd domain then leave the old domain rather than the other way
around
(This used to be commit b26b6aef64e1042c9867a13761ded0c3c6f9670f)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
Jeremy.
(This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
|
|
Ignacio you can update your howto ;-)
samsync: a small patch to try chaning challenges.
J.F.
(This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
|
|
(This used to be commit c76c1f6904510d6ecca3453f91433420f22b7bd6)
|
|
(This used to be commit aff916e543f1c70aa5fe0fc07dda21e772625097)
|
|
(This used to be commit 153c4a56b0b5473a1efb208551f36480cdb5d264)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
Jeremy.
(This used to be commit 9148bb9eaa67de60c3b0b4709a9c05a840c20c66)
|
|
(This used to be commit 64d35e94fe6f7e56353b286162f670c8595a90e6)
|
|
(This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47)
|