summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21012: Patch from Danilo Almeida @ Centeris (via me):Gerald Carter2-21/+168
Details: Improve PAM logging - The improved logging is far tracking down PAM-related bugs - PAM_SILENT was being mis-used to suppress syslog output instead of suppressing user output. This lets PAM_SILENT still log to syslog. - Allow logging of item & data state via debug_state config file option. - Logging tracks the pam handle used. (This used to be commit cc1a13a9f06e5c15c8df19d0fbb31dbdeb81a9cc)
2007-10-10r21011: Another patch from Danilo Almeida @ Centeris (via me):Gerald Carter1-4/+7
Details: Reset the "new password prompt required" state whenever we do a new auth. In more detail, in pam_sm_authenticate, if not settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially present PAM_WINBIND_NEW_AUTHTOK_REQD. (This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af)
2007-10-10r21010: fix the pstring change in ntlm_auth for require-membership-of in ↵Gerald Carter1-1/+1
ntlm_auth (This used to be commit 2d877e41d1fdf71b45074f257930062539e379d8)
2007-10-10r21009: Patch from Danilo Almeida @ Centeris (via me).Gerald Carter3-49/+236
Patch details: Support most options in pam_winbind.conf; support comma-separated names in require-membership-of. Details below: 1) Provides support for almost all config options in pam_winbind.conf (all except for use_first_pass, use_authtok, and unknown_ok). - That allows us to work well when invoked via call_modules from pam_unix2.conf as well as allowing use of spaces in names used w/require_membership_of. 2) Support for comma-separated list of names or SID strings in require_membership_of/require-membership-of. - Increased require_membership_of field in winbind request from fstring (256) to pstring (1024). - In PAM side, parse out multiple names or SID strings and convert all of them to SID strings. - In Winbind side, support membership check against multiple SID strings. (This used to be commit 4aca9864896b3e0890ffc9a6980d7ef1311138f7)
2007-10-10r21007: move $(SOCKET_WRAPPER_OBJ) to OBJ definition instead of link line likeHerb Lewis1-6/+8
all other uses - merge from 3_0_24 (This used to be commit 99172f56c0041d43890167150cfc575d7c1b59f1)
2007-10-10r21005: Add a debug message for EAGAIN error of setresuid.Volker Lendecke1-1/+7
Volker (This used to be commit 70c589a8323637ff8e1f96a56f8acaf550a58dc4)
2007-10-10r21004: Patch from Mathias Dietz <MDIETZ@de.ibm.com> to fix multi-nodeJim McDonough1-1/+1
sharemodes in gpfs. (This used to be commit 61841b225c2a09dcdb4b1242cb0ad0429ec1948e)
2007-10-10r21003: Display LDAP base in debug statement.Günther Deschner1-2/+2
Guenther (This used to be commit fb5830f87a16dbec16893348080bcdfc61e27ab0)
2007-10-10r21002: Get rid of unused macros - merge change from 3_0_24Herb Lewis3-48/+40
(This used to be commit 9d23cf0cc4a8974bf0cf74b219a1138383083360)
2007-10-10r21001: * Use a simple '#define LDAPMessage void' to fix the buildGerald Carter5-45/+9
problems in the nss_info interface when HAVE_LDAP is undefined. * Revert previous ifdef HAVE_ADS brakets * Remove an unused init function wrapper. (This used to be commit 2ba353848b6d8d36520e7fd82576653a39c602cd)
2007-10-10r20998: Fix debug messageVolker Lendecke1-1/+2
(This used to be commit a5a1c8c785939e7cf6108adb573ac277726f584b)
2007-10-10r20996: Build fix from Kai BlinAndrew Bartlett1-1/+2
(This used to be commit 91fdbd4cf5f8fe44adcbe8dc8ef38579a8306c39)
2007-10-10r20994: Remove unused code.James Peach1-122/+0
(This used to be commit 8052a18f29d32f37c52868b17143af8d76bf5e6e)
2007-10-10r20993: temporary build fix to get things going again on non-ADS systemsGerald Carter1-0/+4
(This used to be commit 8c23158f053b181421cb6206db7c8030ddcc2cea)
2007-10-10r20992: another attempt at fixing the build breakageGerald Carter4-26/+37
(This used to be commit 7011a1b5abc7d56da5beba904e3328014f315f0d)
2007-10-10r20987: fix build farm breakage when ADS support is not present (caused by ↵Gerald Carter1-0/+4
nss_info_methods API) (This used to be commit 4982be312151c4d9b97f06afe88c30d8065be4be)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter18-456/+893
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20985: leave room for terminating NULL when printing password hashes via ↵Gerald Carter1-2/+2
'pdbedit -L -w' (This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
2007-10-10r20982: Fix a segfault -- I wonder why my make test did not show this earlier...Volker Lendecke1-1/+2
(This used to be commit 4984b0627c84cc192868238c0936ca1a38628cd8)
2007-10-10r20970: Allow to define workstation for samlogon in rpcclient (for testing).Günther Deschner2-8/+17
Guenther (This used to be commit 5d4747fdf2e5874cb5d2238ee62e4fcac1676134)
2007-10-10r20966: Only attempt to reload the config file atfer the fork point if weJames Peach1-2/+6
are in daemon mode. If we are in inetd mode, there's really no point in rechecking it so soon. (This used to be commit 029d4bb5e3ea02a8a396adc3ca564a714bcdfdb8)
2007-10-10r20965: Fix spelling.James Peach1-2/+2
(This used to be commit 0eb19b57286f176dd4b7e86504d004e1450f6a10)
2007-10-10r20951: Remove the DOM_SID field in the struct idmap_domain and bounceGerald Carter3-142/+128
domain SID lookups through the struct winbindd_domain *domain_list by searching by name. Refactor the order lookup when searching for the correct idmap_domain to a single function and remove the requirement that the default domain be listed first in the config file. I would still like to make the idmap_domain array a linked list and remove the existing code which makes use of indexes into the list. Basic testing with tdb pans out ok. (This used to be commit e6c300829ff08dd354f6e9460d396261681e4809)
2007-10-10r20933: Fix the build without inotifyVolker Lendecke1-2/+2
(This used to be commit 4587d8097255c8b8fb8990bc8a13f8145986d29d)
2007-10-10r20932: This is the basic infrastructure for inotify support. This is far ↵Volker Lendecke4-1/+283
from being complete, in particular the various mask bits are not correctly supported yet. Checkin in now, I want to see how the build farm likes it. Volker (This used to be commit c9a5d011a91359b242f6c26f46e96ecea6a44a3b)
2007-10-10r20931: This changes the notify infrastructure from a polling-based to an ↵Volker Lendecke12-785/+484
event-driven based approach. The only remaining hook into the backend is now void *(*notify_add)(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, files_struct *fsp, uint32 *filter); (Should we put this through the VFS, so that others can more easily plug in?) The trick here is that the backend can pick filter bits that the main smbd should not handle anymore. Thanks to tridge for this idea. The backend can notify the main smbd process via void notify_fsp(files_struct *fsp, uint32 action, char *name); The core patch is not big, what makes this more than 1800 lines are the individual backends that are considerably changed but can be reviewed one by one. Based on this I'll continue with inotify now. Volker (This used to be commit 9cd6a8a82792b7b6967141565d043b6337836a5d)
2007-10-10r20917: Fix missing error returns pointed out by "Li, Ying (ESG)" ↵Jeremy Allison1-0/+3
<ying.li2@hp.com> Jeremy. (This used to be commit 78387b3cd2e4eff8f09b6c498ca37b016ed9ecbc)
2007-10-10r20916: Add in the delete on close final fix - but only enabledJeremy Allison7-0/+63
with -DDEVELOPER. Jeremy. (This used to be commit 7f817067a70930ee3502ea3373173e0c23733253)
2007-10-10r20915: Fixed the bad merge from 3.0.24.Jeremy Allison1-6/+8
Jeremy. (This used to be commit 018d7805b5ecb17e21e1a55b6cc65efaab4b3f63)
2007-10-10r20914: Sync up incorrect differences between 3.0.24 and 3.0Jeremy Allison1-12/+11
Jeremy. (This used to be commit a2222a565c658fe5154d9321edab69a95ddeed15)
2007-10-10r20913: Fix the build.Jeremy Allison1-3/+4
Jeremy. (This used to be commit dce98dae2d18126d8380f92595f315b96d48a7df)
2007-10-10r20912: Ensure the list always remains sorted even whenJeremy Allison1-17/+29
moving events around. Jeremy. (This used to be commit 6fee874ab420b4c406e38b5e189a6d6ea8594fc9)
2007-10-10r20911: Fix copyright message in winbindd to use the macro from smb.hGerald Carter1-2/+3
(This used to be commit e635bad00ecf083c34da339e3616c945a140e478)
2007-10-10r20905: Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION if the pwGerald Carter1-3/+11
chnage fails due to policy settings where as 2003 (the chgpasswd3() request) fails with NT_STATUS_PASSWORD_RESTRICTION. Thunk down to the same return code so we correctly retreive the password policy in both cases. (This used to be commit 262bb80e9cf7fb6dbf93144ae0b939c84ec0ea04)
2007-10-10r20904: This is a placeholder fix. Apparently Windows 2000Gerald Carter1-1/+9
is sharing the IDL for the SAMR pipe with Windows 2003 but returning NT_STATUS_NOT_SUPPORTED rather than a DCE/RCE fault. We need to catch this in the general sense by looking at the returned PDU size. But this immediate change fixes password changes via pam_winbind against Windows 2000 DCs. (This used to be commit a3602cc6d4926852a21b13d4b731419f70477f5c)
2007-10-10r20903: Replace the hardcoded "smb.conf" string with the dyn_CONFIGFILEGerald Carter1-6/+7
(This used to be commit ff8f27108d247aa9e46176f2b29fc8d2da103906)
2007-10-10r20883: W00t! I now understand how "delete on close" reallyJeremy Allison5-35/+59
works - even with the strange "initial delete on close" semantics. The "initial delete on close" flag isn't committed to the share mode db until the handle is closed, and is discarded if any real "delete on close" was set. This allows me to remove the "initial_delete_on_close" flag from the share db, and move it into a BOOL in files_struct. Warning ! You must do a make clean after this. Cope with the wrinkle in directory delete on close which is done differently from files. We now pass all Samba4 smbtortute BASE-DELETE tests except for the one checking that files can't be created in a directory which has the delete on close set (possibly expensive to fix). Jeremy. (This used to be commit f2df77a1497958c1ea791f1d2f4446b5fc3389b3)
2007-10-10r20880: Fix memory leak in new sitename code. You got *really*Jeremy Allison1-1/+1
close Guenther, then you forgot to use "key" :-) :-). Jeremy. (This used to be commit 56842b59d00d531b0c9c22639603dc721eab50b4)
2007-10-10r20878: Fix build with --enable-profilingVolker Lendecke1-1/+0
(This used to be commit eb14d0ea83273c60aee900557aa5dceb77bb8127)
2007-10-10r20877: Random notify fixesVolker Lendecke1-13/+8
(This used to be commit 2f1bfc53733ac3debc6a8b51642ab191869cd792)
2007-10-10r20876: Fix bug 4346 -- Thanks to YAMASAKI HiroyukiVolker Lendecke1-1/+1
(This used to be commit a7a66eb4eb2e518007b791457694c39dfff90705)
2007-10-10r20875: Pass DCE/RPC server call arguments as a struct rather than as ↵Jelmer Vernooij31-1389/+1349
separate arguments. This makes it a bit more similar to the Samba4 code. (This used to be commit 0596badb410a58e7a715e2b17bc0bef0489a2448)
2007-10-10r20874: We need to distinguish client sitenames per realm. We were overwritingGünther Deschner6-26/+75
the stored client sitename with the sitename from each sucessfull CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
2007-10-10r20873: Some correctness fixes w.r.t. Samba4 torture BASE-DELETE.Jeremy Allison8-21/+111
Allow us to correctly refuse to set delete on close on a non-empty directory. There are still some delete-on-close wrinkles to be fixed, but I understand how to do that better now. I'll fix this tomorrow. Jeremy. (This used to be commit 029635885825a5562e7974a6f5675cce3bf1b5dc)
2007-10-10r20862: When in disconnected mode there is no need to try a fallback to a siteGünther Deschner1-0/+18
less DNS query. This speeds up offline detection slightly. Guenther (This used to be commit eda76ecf07a4d2f9bb5544e2c031cfad14d93e85)
2007-10-10r20861: We only use sitespecific DNS lookups when looking for DCs or KDCs, notGünther Deschner1-5/+1
for a PDC. Guenther (This used to be commit 0944c7861004bee2a9d0ac787f022f5bf1d181ac)
2007-10-10r20860: Adding some small tweaks. When we have no sitename, there is no need toGünther Deschner2-20/+25
ask for the list of DCs twice. Guenther (This used to be commit a9baf27e1348dd6dadd7a2fafdf9c269087b80ac)
2007-10-10r20858: change_notify_reply_packet is staticVolker Lendecke1-2/+4
(This used to be commit a1d0644d156c360d52fb837d3eecddb202135ebe)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison9-65/+159
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r20856: Make "struct notify_mid_map" private to notify.cVolker Lendecke2-11/+13
(This used to be commit beecef0c70521d28dd88552d661281d9c585eb22)