| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563173dfabb7716c5695ac0a2f7139bb6)
|
|
(This used to be commit cc92ce665dcfe9054d09429219883b18a4cab090)
|
|
connections_traverse
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit e43e94cda1ad8876b3cb5d1129080b57fa6ec214)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
|
|
1177
In reg_perfcount.c: 1200 1202 1203 1204
In regfio.c: 1243 1245 1246 1247 1251
Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This
is really your code, and I'm not sure I did the right thing to return an
error.
smbcacls.c: 1377
srv_eventlog_nt.c: 1415 1416 1417
srv_lsa_nt.c: 1420 1421
srv_netlog_nt.c: 1429
srv_samr_nt: 1458 1459 1460
Volker
Volker
(This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff)
|
|
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
|
|
fix this in 3.0 ?
Jeremy.
We had no way to return NT_STATUS_OK from the netlogon serverpwset,
although
we successfully set the machine password...
One thing the samba3 join test found.
Volker
(This used to be commit e5b7acc9b5cb6e8cf3d03c9d392fad06e0d282d9)
|
|
in the switch statement which matched the schannel type
against the account type.
(This used to be commit 57c705ea63381ed9ab09145b4f57a736931fa6ca)
|
|
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
|
|
we now check wheter the sec_channel_type matches the trust account type.
Guenther
(This used to be commit c35eb449375d53ffa0815897e7723c203be1f732)
|
|
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
|
|
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
(This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
|
|
to make full use of the new talloc() interface. Discussed with Volker
and Jeremy.
* remove the internal mem_ctx and simply use the talloc()
structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
upcoming changes. Groups will most likely be replaced with a
'struct samg' in the future.
Note that there are now passbd API changes. And for the most
part, the wrapper functions remain the same.
While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs. The code also needs more testing under valgrind to
ensure it's not leaking memory.
But it's a start......
(This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
|
|
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
|
|
the correct part of the netlogon and schannel packets.
Jeremy.
(This used to be commit 4877f336b257e6f59833a6e0679959a2ec879974)
|
|
by schannel if "server schannel = true" was set.
Jeremy.
(This used to be commit fd84d9703ed01feb010df4ebb7e9ceb0d063780b)
|
|
Jeremy.
(This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
|
|
for the creds store. This should fix the problems
Jerry reported (but I have still to run tests :-).
Jeremy.
(This used to be commit 43f095a38d66caa774d80fe32e1b96ec25dd1f07)
|
|
(This used to be commit a95d7d722273863efa820674672393fe6e5a33b7)
|
|
Bartlett's
Samba4 code.
Jeremy.
(This used to be commit a2fb436fc5dd536cfe860be93f55f9cb58139a0e)
|
|
I mean it this time :-).
Jeremy.
(This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
|
|
Jeremy.
(This used to be commit a9e1d0f3b4fd7a0732a5023d0b4dcc2c4b1b03f8)
|
|
Jeremy.
(This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)
|
|
Jeremy.
(This used to be commit 9437ffc84f4d924ab67f3e16ef507d2aeeeb5f34)
|
|
Jeremy
(This used to be commit f58d0ebf749ad6dab562e74e9fd2c16606183d6c)
|
|
Jeremy.
(This used to be commit 58544eb3c848e1dddd774270fbaae7d704a37b53)
|
|
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
|
|
Jeremy.
(This used to be commit 8ae70122b79fbe682c227ec2c4e5a72bf58d76de)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
These can happen in normal operation (I think - not 100%
sure) and don't want to alarm admins. Jerry please add this
to 3.0.21b.
Jeremy.
(This used to be commit 47178b1b5ad06905f345a0f6b6267701d8aefddb)
|
|
Volker
(This used to be commit ae4ffc1cfb745a756d047c35f947f80acf4b0e55)
|
|
(This used to be commit 37d2bf02f37f6d1b5bac9523f085c00625722761)
|
|
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
|
|
x86_64 box.
Jeremy.
(This used to be commit d720867a788c735e56d53d63265255830ec21208)
|
|
Based on the Samba4 solution - stores data in
$samba/private/schannel_store.tdb.
This tdb is not left open but open and closed on demand.
Jeremy.
(This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
|
|
Jeremy.
(This used to be commit 86ffef8162393be3da81fda13772f0f1d40b0d08)
|
|
Ensure that the mach_acct and remote machine entries are
set correctly in struct dcinfo - we'll need this as a key
for a persistent schannel state later.
Jeremy.
(This used to be commit 47269b5c7161d740c2e86227de3acd9e08c53817)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Jeremy.
(This used to be commit e1c9813d63a441037bc71622a29acda099d72f71)
|
|
defined locally because if we didn't find them as a DC we were marking
the response as authoritative. Now if it's not a domain we know, we
mark the response non-authoritative.
Fix from jpjanosi@us.ibm.com
(This used to be commit d522277b86ff728f6f2b9feb2f8e3fa38c43d162)
|
|
the user,
causing netlogon to return an invalid response for failed interactive logons.
(This used to be commit 4deb918b682fb51d8712cfdafc6210275dd10fc4)
|
|
NT_STATUS_NO_USER returned. We were moving to the next step in the
chain when the client wasn't. Only update when the user logs on.
(This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
|
|
login
scripts to be executed.
We were filling in our name as the server which processed the login, even
when it was done by a trusted DC.
Thanks to John Janosik <jpjanosi@us.ibm.com> for the fix.
(This used to be commit 0446319a3b8096df385978449ffaa231bc5cfd0c)
|
|
before. Things tested: Domain join and subsequent interactive and network
logon to NT4, W2kSP and XPSP2 workstations and a NT4 domain trusting us. Right
now I've got problems with my W2k3 domain trusts. So this needs testing,
although I'm really confident that this does not break.
Volker
(This used to be commit c25b4afda2b657b73a6215d3ff36461a36496ba3)
|
