summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21606: Implement escaping function for ldap RDN valuesSimo Sorce9-30/+198
Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
2007-10-10r21605: Fix small typo noticed by Raúl Sánchez Siles <rss@barracuda.es>.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5ed61d5af6fe56e22135406256f5d1f7ccd6a376)
2007-10-10r21604: I got this wrong also in libsmb :-(.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 4a04555e23b5fa53fbeb5b65a7c83cff1b0f9640)
2007-10-10r21603: Horrible backwards compatibility hack as an old server bugJeremy Allison1-1/+11
allowed a CIFS client bug to remain unnoticed :-(. I suck. Jeremy. (This used to be commit 29761173ee26b4713c9a12166a935c066fc3321b)
2007-10-10r21581: Add an error code I just gotVolker Lendecke2-0/+2
(This used to be commit 5ef0286b56b368abd4da2cbe3d826a3438f3acc3)
2007-10-10r21577: Remove unneeded #define (part of earlier patch that wasJeremy Allison1-2/+0
removed). Jeremy. (This used to be commit 645b0438dde0dad26e950b3184cc412d3d87560a)
2007-10-10r21576: Patch based on work from Todd Stecher <todd.stecher@isilon.com>Jeremy Allison2-16/+83
to allow client to fragment large SPNEGO blobs (large krb5 tickets). Tested against W2K3R2. Should fix bug #4400. Jeremy. (This used to be commit b81c5c6adce51cec06df0e993534064b20666a8e)
2007-10-10r21569: Fix bug reported by Martin Zielinski <mz@seh.de>Jeremy Allison1-1/+1
where return value was incorrectly initialized. Jeremy. (This used to be commit 8d45f1f3b524031a34cfba21b677be8a09fc192c)
2007-10-10r21566: If we're going to be broken, at least be *consistently*Jeremy Allison1-1/+9
broken :-). This will do until Simo fixes the escape calls properly. Jeremy. (This used to be commit b7d91ec1b20f8d58903a3283f7789a30041461be)
2007-10-10r21565: Import ndrdump (doesn't compile yet, needs table support functions).Jelmer Vernooij5-5/+579
(This used to be commit 9a9b9421673ed1c455658d8ae79d7a1522a1baa7)
2007-10-10r21563: Fix a memleak: We only need dispinfo structs for "our" and for the ↵Volker Lendecke1-40/+41
builtin domain. Without this patch we leaked a DISPINFO for the (NULL) domain per samr_connect*() call. Volker (This used to be commit 4423880ff47a94074c625a4f4f81c3b516faa644)
2007-10-10r21562: Regenerate gen_ndr after pidl changes.Jelmer Vernooij19-146/+183
(This used to be commit 952f648d8132a0652bb03b9e7671239e57614ee9)
2007-10-10r21561: It makes absolutely no sense to call krb5_kt_resolve() two timesGünther Deschner1-6/+1
directly after another. Guenther (This used to be commit 76ba11d7770bac7c6db2eb1640139bbe270d82c3)
2007-10-10r21560: Convert name_to_fqdn to BOOL.Günther Deschner1-3/+6
Guenther (This used to be commit 28ce79629bc36929f508c1ccb1d27d48e8898045)
2007-10-10r21558: Safe more indent, again no code changes.Günther Deschner1-37/+37
Guenther (This used to be commit 7b18a4730d61c04867fc11df8980943d422589d8)
2007-10-10r21557: indent only fix. No code change.Günther Deschner1-49/+49
Guenther (This used to be commit 8ff0903a17cfd8c09b73ef637484a72719e82071)
2007-10-10r21556: Remove superfluos return check in ads_keytab_verify_ticket().Günther Deschner1-2/+0
Guenther (This used to be commit 020601ea0abeb15f2aef9da354fcf6d7d5459710)
2007-10-10r21552: Ensure to check for proto_exists before linking any binary. No makeLars Müller1-108/+108
proto should be required before creating any binary from now on. Remove proto_exists from the all, pam_smbpass, and pam_bindind rule. (This used to be commit 95d22979743c94565d9d0bbb64eb1e9adeba10d3)
2007-10-10r21551: Ok, this is more subtle. More tomorrow :-)Volker Lendecke1-65/+37
(This used to be commit f63189907efe857ef51ff91470ddb8d21b9a41fa)
2007-10-10r21550: make disp_info_list static to get_samr_dispinfo_by_sid(), add a ↵Volker Lendecke1-2/+18
comment :-) (This used to be commit fad2ee8aa3e99c31a0632a80b4a64dedb6e01495)
2007-10-10r21549: Only create DISP_INFO structs for domain handles, the others don't needVolker Lendecke1-35/+47
them. It just does not make sense to do a querydispinfo on an alias handle... This fixes a memleak: Every samr_connect*() call leaked a DISP_INFO for the (NULL) sid. More cleanup pending: Essentially, we only need the DISP_INFO cache for the get_global_sam_sid() domain. BUILTIN is fixed and small enough, and there are no other domains around where enumerations could happen. This also removes the explicit builtin_domain flags. I don't think this is worth it. If this makes a significant difference, then we have a *VERY* tuned RPC layer... Jeremy, please check this. If it's ok, we might want to merge it across. Volker (This used to be commit 0aceda68a825788895759e79de55b080ad3f971d)
2007-10-10r21548: prevent segv (reference to -1 element of array)Herb Lewis1-1/+2
(This used to be commit b5fd72282da85f50a040fd949752bc71023ff055)
2007-10-10r21547: Fix from Michael Adam <ma@sernet.de>: Refuse registry shares without ↵Volker Lendecke2-3/+10
path. Thanks, Volker (This used to be commit e795865d58472498097edc3fb68438ed08c38d8d)
2007-10-10r21546: remove duplicate linesHerb Lewis1-3/+0
(This used to be commit 934163782bf5444ee6535b628ef80dad4b5685e6)
2007-10-10r21543: Fix 64bit build warning.Günther Deschner1-1/+1
Guenther (This used to be commit bc04004c182b114749d8e33edcf835efb252d35d)
2007-10-10r21540: Fix Bug #3713 and readd reporting what the profiles tool does (whenGünther Deschner1-4/+56
called with the -v option). Patch from William Jojo <jojowil@hvcc.edu>. Guenther (This used to be commit 5889f588ee9bee6ceb6e6d517f6e69e42d55a574)
2007-10-10r21537: Avoid to trigger the confusing "cached entry differs." warning whenGünther Deschner2-2/+20
there is just no cache around for a user. Guenther (This used to be commit a6c249b59228c6891cde624f72fff23879dbd19f)
2007-10-10r21536: Fix copy/paste typo.Günther Deschner1-1/+1
Guenther (This used to be commit 7edbb636f7caf43135f0320cc08ff18a34a80594)
2007-10-10r21530: Don't code with jet-lag and Volker looking over yourJeremy Allison1-1/+1
shoulder.... Correct fix for warning :-) Jeremy. (This used to be commit 773001870d22ef4ff7ec00f73661b59a63cade42)
2007-10-10r21529: Fix warning from bad cast.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 34675624e2be886188337a883a6c4a57ef7e3fe3)
2007-10-10r21526: Fix stray character in sys_memalign() that is onlyGerald Carter1-1/+1
is the case where we don't have memalign() or posix_memalign(). (This used to be commit 1635bac80011d15e3ed30b6d43b6e22b2ce2a000)
2007-10-10r21525: Go ahead and checkin the mlock() & memalign() fixes soGerald Carter6-22/+61
others don't get stuck with the winbindd hang. Still waiting on additional confirmation from Guenther that this fixes thes issues he was observing as well. But it's been running in my local tree for a day without problems. (This used to be commit 0d2b80c6c4a744b05a0efdec352cddccc430e0c4)
2007-10-10r21517: Fix build warnings.Günther Deschner1-2/+1
Guenther (This used to be commit 82f1da8117434c52c383b33a905b3765f0240d4a)
2007-10-10r21509: Merge lp_passdb_backend() from rev 21506 to 3_0_25.Lars Müller1-2/+2
Slightly change the DEBUG 0 message as suggested by Volker on samba-technical. (This used to be commit c02921e95d41fe93c5913d79dfb690fcc1d73de4)
2007-10-10r21508: Fix memleak in new idmap_tdb, thanks Herb.Simo Sorce1-12/+4
Jerry please check. Simo. (This used to be commit a5354aa9a0bd860500356f45d09fce3d01649c60)
2007-10-10r21507: Fix some "cannot access LDAP when no root" bugs.Gerald Carter3-13/+30
The two culprits were * pdb_get_account_policy() * pdb_get_group_sid() (This used to be commit 6a69caf6907fad01b13aa4358ce5c62506f98495)
2007-10-10r21506: Allow old pre 3.0.22 multi passdb backend configurations to work withLars Müller1-1/+43
post 3.0.23. This implementation considers spaces in ldapsam configs. Such configs are trunkated after the closing quote. (This used to be commit 5cd9a2e25872db1881f2f67026bfcd52d060fc4b)
2007-10-10r21505: make sure mlock()'d memory is aligned on a page boundaryGerald Carter2-7/+26
(This used to be commit 52e6a2ceab794875781575ed17ec86808f6e26da)
2007-10-10r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a userGünther Deschner3-6/+68
changed a password via pam_chauthtok. Only do this if a) a user logs on using an expired password (or a password that needs to be changed immediately) or b) the user itself changes his password. Also make sure to delete the in-memory krb5 credential cache (when a user did not request a FILE based cred cache). Finally honor the krb5 settings in the first pam authentication in the chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when NTLM samlogon authentication is still possible with the old password after the password has been already changed (on w2k3 sp1 dcs). Guenther (This used to be commit c3005c48cd86bc1dd17fab80da05c2d34071b872)
2007-10-10r21483: Fix use of uninitialized variable.Jeremy Allison1-3/+6
Jeremy. (This used to be commit 4a74d042c9108ed68cc92f27b390c261c0bc8885)
2007-10-10r21482: Use IPC$ not ipc$ for consistency.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 42a846b3dfa50eea6592c6bb425f7bdb672c25f9)
2007-10-10r21481: No one said anything, so I'm disallowing anythingJeremy Allison1-7/+17
but explicit shares in "default service" :-). Jeremy. (This used to be commit 90bdcce765998cc0f5768d24926d52b8a4a44f90)
2007-10-10r21480: Make fd_open match fd_close be translatingJeremy Allison1-9/+12
errno into an NTSTATUS immediately. Jeremy. (This used to be commit 71dd02cc164197152e76d8141f906390c4bd1526)
2007-10-10r21478: Add 65k length limit for split SPNEGO blobs.Jeremy Allison1-9/+19
Jeremy (This used to be commit 6be078da267677e3e558033c28099e3932a17712)
2007-10-10r21474: Ensure trustdom_cache_shutdown() gets calledJeremy Allison1-4/+4
on terminate. Pointed out by Herb. Jeremy. (This used to be commit 08998b74a51acd55eb6cbe095e682e2a79334736)
2007-10-10r21467: Add GPFS-provided DMAPI support based on their GPL libraryAlexander Bokovoy2-1/+11
(This used to be commit 5876bedda51fce0c932ca0cdab074629b31a9c94)
2007-10-10r21462: Fix EnumValue (?)Jelmer Vernooij9-126/+65
(This used to be commit e73a418b5b0100936efb4c1133da3cfe3fcb61cd)
2007-10-10r21461: Not strictly necessary, as data_blob() panics if it can't allocate. ↵Volker Lendecke1-0/+4
But I'd see this as a design flaw in data_blob() and it made me look in that routine. Jeremy, revert or merge please :-) Volker (This used to be commit e7e6b8b5e0b00cc0746db4e9baa2e860074f903a)
2007-10-10r21460: Fix for server-side processing of SPNEGO authJeremy Allison4-11/+234
fragmented into "max xmit" size security blob chunks. Bug #4400. Needs limits adding, and also a client-side version. Jeremy. (This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
2007-10-10r21454: Fix debug typo.Günther Deschner1-1/+1
Guenther (This used to be commit 5c4a58ff3ab261e32789f39f2cf478367b727318)