summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15698: An attempt to make the winbind lookup_usergroups() call in security=adsGünther Deschner5-38/+369
more scalable: The most efficient way is to use the "tokenGroups" attribute which gives the nested group membership. As this attribute can not always be retrieved when binding with the machine account (the only garanteed way to get the tokenGroups I could find is when the machine account is a member of the "Pre Win2k Access" builtin group). Our current fallback when "tokenGroups" failed is looking for all groups where the userdn was in the "member" attribute. This behaves not very well in very large AD domains. The patch first tries the "memberOf" attribute on the user's dn in that case and directly retrieves the group's sids by using the LDAP Extended DN control from the user's object. The way to pass down the control to the ldap search call is rather painfull and probably will be rearranged later on. Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2. Guenther (This used to be commit 7d766b5505e4099ef7dd4e88bb000ebe38d71bd0)
2007-10-10r15697: I take no comments as no objections :)Günther Deschner10-214/+548
Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
2007-10-10r15696: Free LDAP search result.Günther Deschner1-0/+2
Guenther (This used to be commit ec26c355b3ef1d3d809c4fbe911ce6fcef5db955)
2007-10-10r15691: - samba3 also pass RAW-CHKPATH, RAW-SEEK, RAW-SFILEINFO-BUGStefan Metzmacher1-4/+4
- samba3 pass the limited version of RAW-LOCK (the lock cancel and error checking tests are skipped) metze (This used to be commit b79ceece9550c0fe9f59ae59bad6709351e93906)
2007-10-10r15686: - start testing the RAW-* tests in make testStefan Metzmacher1-1/+5
- RAW-READ now passes samba3 - skip the rest for now metze (This used to be commit fc343051afe560b1ddb8715dbc574e2ae645571e)
2007-10-10r15682: fix option passingStefan Metzmacher1-2/+2
metze (This used to be commit cd2fa1da6cdcaaa8a4d92a38163d54ecc0f9d756)
2007-10-10r15681: fix segv in 'kinit && net ads join'Gerald Carter1-5/+3
(This used to be commit d77768cb237461b06119ee19f822b120623d77dd)
2007-10-10r15680: use the user creds when calling net_set_machine_spn() rather than ↵Gerald Carter1-64/+15
the machine creds (just like WinXP) (This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5)
2007-10-10r15679: fix some popt warningsGerald Carter3-4/+4
(This used to be commit 126ab8ccec69240e8e526190f4712bd274237985)
2007-10-10r15676: Fix meaningless debug statement from uninitialized variable.Jeremy Allison1-3/+1
Spotted by "John E. Malmberg" <wb8tyw@qsl.net>. Jeremy. (This used to be commit ff3fe39b837e0d0de2edaa284c2dd7d1c8161c46)
2007-10-10r15675: Man pages say never look at the fd_set after a selectJeremy Allison1-2/+8
if it returned -1 (treat as undefined). Ensure we obey this. Jeremy. (This used to be commit 256ae3a16bcafe70cc1a00496681c709380e4fc3)
2007-10-10r15672: Fix for bug #3783. winbindd_cm.c calls open_any_socket_out()Jeremy Allison1-1/+1
to make connections to ports 445 or 139 on the DC it's trying to contact. It calls sys_select() on the non-blocking sockets, not sys_select_intr(). This is a mistake (I believe) as it allows a signal to early terminate the connection attempts - whereas sys_select_intr() will ignore signals until we get back to the main processing loop where they'll be handled correctly. This change means winbindd_cm will not early terminate if it gets a message whilst trying to connect to DC's. Gunther, Volker and Jerry please review (but I think this is correct). Jeremy. (This used to be commit 24aaa486771f797d35ea6b0711c12cd3e663dd8c)
2007-10-10r15670: Fix valgrind-spotted issue in BASE-DELETE test.Jeremy Allison1-0/+1
We were forgetting to increment after copying the primary group gid. Jeremy (This used to be commit 31d16c434e1ee94691f013ed0b31d9f26baeb2cb)
2007-10-10r15668: DOS or FCB opens share one share mode entry from differentJeremy Allison7-98/+97
fsp pointers. Ensure we cope with this to pass Samba4 DENY tests (we used to pass these, there must have been a regression with newer code). We now pass them. Jeremy (This used to be commit fd6fa1d4eaf61783df74ee2da50d331477f06998)
2007-10-10r15660: Without this when using smbcquotas I getVolker Lendecke2-0/+8
close fd=-1 fnum=4321 (numopen=1) close_file: Could not get share mode lock for file $Extend/$Quota:$Q:$INDEX_ALLOCATION unix_error_packet: error string = Das Argument ist ungültig error packet at smbd/reply.c(3325) cmd=4 (SMBclose) NT_STATUS_INVALID_HANDLE so a fake file needs special close handling I think. Jeremy, can you check this? Thanks, Volker (This used to be commit f66b9701b5c6bb6302fa11889adab6902cbaf2e3)
2007-10-10r15657: Fix some Tru64 warningsVolker Lendecke2-3/+3
(This used to be commit a85dfb9eff222142eb1f9d89beb3d156661dd047)
2007-10-10r15655: Log the result of module initialisation if it fails.James Peach1-2/+6
(This used to be commit 3446ee5c00e114fd6697b2d70888d55ad79e63f9)
2007-10-10r15654: Update our internal copy of popt to that distributed with the RPM 4.2James Peach13-664/+2229
source code. (This used to be commit 9559886a92b1fdd33d380bf0100dcddb12477ff2)
2007-10-10r15649: Allow to store 24 password history entries in ldapsam (same limit as onGünther Deschner2-6/+8
Windows). Fixes bug #1914. Guenther (This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
2007-10-10r15646: Implement an setdomainsid command as wellSimo Sorce2-1/+23
(This used to be commit 51df47c772f8bdd5a2c3a1e9814e625406e79b5f)
2007-10-10r15644: Now that we are referencing uint32_t and other data typesPaul Green1-0/+4
defined in <stdint.h>, ensure that it is present. (Not all implementations pull it in when <sys/types.h> is used). Paul (This used to be commit dafe36ec4cff4e5f94e35841966007e3e4758582)
2007-10-10r15635: Fix a bogus gcc uninit variable messageVolker Lendecke1-1/+1
(This used to be commit 53f7104b4fbb4f59c18458f589e25e7b536642cb)
2007-10-10r15634: Prevent passwords of winbindd's list of credential caches from beeingGünther Deschner4-1/+53
swapped to disc using mlock(). (patch was reviewed by Jeremy). Guenther (This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
2007-10-10r15633: Minor smbldap/pdb_ldap cleanupGünther Deschner2-20/+16
Guenther (This used to be commit 1b5a712467ab8f35211b59bb703a42bdc5e0dfc0)
2007-10-10r15632: Remove length limitation from the winbind cache cleanup traversal.Günther Deschner1-7/+2
Guenther (This used to be commit 181fa02497e353a36e311f94f5bec2e9cfd1b56e)
2007-10-10r15631: Add a new option "enable core files". Administrators can use this toJames Peach2-0/+13
disable automatic core file dumping. Core files are enabled by default. (This used to be commit b59189280057849b67ac65f31cec23b859e21c91)
2007-10-10r15630: adapt smbclient fix to smbtree to enable long share namesJim McDonough2-1/+61
(This used to be commit ae56154fc7694042496a55d4dade8ef1a7ba361c)
2007-10-10r15620: pass 'target:samba3=yes' to samba4's smbtorture when running ↵Stefan Metzmacher1-0/+2
samba3's make test we can use this in samba4's smbtorture to disable tests sections which doesn't pass against samba3 metze (This used to be commit fab4de70b65ab5b9d3a93db46f13c7bab0e70464)
2007-10-10r15611: Remove used but uninitialised variable "count".James Peach1-2/+2
(This used to be commit 71fd0d3de4a02b9a7b67914f6412f18ec0bb5e7a)
2007-10-10r15610: Fix Coverity #288 - possible null deref.Jeremy Allison1-3/+11
Jeremy. (This used to be commit b108ab7b122cc607f31772614b221379403b211b)
2007-10-10r15608: Fix a couple of Coverity errorsVolker Lendecke1-0/+9
(This used to be commit 696e210bf6688e8b2f408559768173b4bdbda979)
2007-10-10r15601: Fix segfaults with 'security=share' and 'guest only = yes'Volker Lendecke2-10/+31
Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
2007-10-10r15600: Correctly fill in the gid for local users.Volker Lendecke1-0/+6
Volker (This used to be commit 6071dd5db0dbb79a80b248ab93942911bf08fd2b)
2007-10-10r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb ↵Gerald Carter1-7/+9
flags on the setuserinfo(), not the createuser info call (This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)
2007-10-10r15589: While trying to understand the vuid code I found that security=share ↵Volker Lendecke3-15/+26
is broken right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This makes sure that we only call register_vuid if sec!=share and meanwhile also fixes a little memleak. Then I also found a crash in smbclient with sec=share and hostmsdfs=yes. There's another crash with sec=share when coming from w2k3, but I need sleep now. Someone (jerry,jra?) please review the sesssetup.c change. Thanks, Volker (This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
2007-10-10r15583: Add a comment while trying to understand this codeVolker Lendecke1-0/+5
(This used to be commit 7945c935bf197afb61286ddeb0e579078362a1fc)
2007-10-10r15571: Fix Coverity bug #285Volker Lendecke1-3/+7
(This used to be commit 2cf503d7da08319f318217f6fe8f85c18bf0dffb)
2007-10-10r15570: Fix Coverity bug # 286. I really wonder why gcc -O1 did not catch ↵Volker Lendecke1-1/+1
this one. Volker (This used to be commit c6bf2c8922e612278349fe53ca11f6be6c819009)
2007-10-10r15569: Fix Coverity bug # 287. Jerry, can you check if WERR_NOMEM is a ↵Volker Lendecke1-0/+11
correct error code here? Thanks, Volker (This used to be commit 5787bd0ee90b081ae12a4a976893cb297fa7bed4)
2007-10-10r15566: Fix Coverity bug # 284. The lp_ldap_xx_suffix function only return ↵Volker Lendecke1-7/+16
NULL if talloc fails. Volker (This used to be commit 0ece5b32f97f162be0af2ea3354a597c56ed4373)
2007-10-10r15562: Attempt to fix Coverity bug # 283Volker Lendecke1-0/+8
(This used to be commit 3762effca5e1e2bbb2d1d9dd8504c502485eca7d)
2007-10-10r15561: Should re-fix older systems without RC4-HMAC supportGerald Carter1-15/+6
(This used to be commit 00c795e3660a65419e707706abf48916dcd7f850)
2007-10-10r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....Gerald Carter2-176/+96
Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. (This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
2007-10-10r15559: Smaller fixes for the new cldap code:Günther Deschner2-7/+6
* replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
2007-10-10r15558: Do not wait endless for a CLDAP reply when the LDAP server isGünther Deschner1-1/+21
unavailable; use "ldap timeout" handling. Jerry, please check. Guenther (This used to be commit 821bbb4566c4b3f9798054ed3bf772db0c9ae3f2)
2007-10-10r15556: Better fix for leading // or \\ from "David R. Linn"Jeremy Allison1-2/+2
<drl@vuse.vanderbilt.edu>. Jeremy. (This used to be commit 502f3e911a2e9e3e0e4a4eae34885329e0624dd5)
2007-10-10r15555: Make "change notify timeout" a per-share parameter - usedJeremy Allison4-8/+37
when there's no kernel or FAM change notify. If set to zero this will turn off change notify for the share except when we ourselves change something (renames / deletes etc. ). Designed to help on large directory shares where a new changenotify is issued between each delete. This will be fixed correctly when we move to internal change notify (eg. back-port Samba4 changenotify). Jeremy. (This used to be commit 5a17bffbcd5082fde79c241468a0ff2b5903d540)
2007-10-10r15553: minor rpcclient cleanup: length is already set in data_blob.Günther Deschner1-3/+0
Guenther (This used to be commit a80f3660573872e7a1c9e4d37262c830d68415e1)
2007-10-10r15552: Fix segfault...Günther Deschner1-0/+2
Guenther (This used to be commit ff93fc7c1e22c035f6f1405d263702bbb9d61575)
2007-10-10r15550: make sure to pick up the -lresolv libs on systems without -lldap to ↵Gerald Carter1-1/+3
pull it in (This used to be commit 4f3a1c2c58a4087f3a2f72f471cbaf2bad5addfe)