summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-12-13Refactor out assembling of trust creds (pw, account name, principal).Michael Adam1-17/+38
Michael (This used to be commit 481f18b20d6d5ee12c62120a3559bb16cc98e465)
2007-12-13Streamline and fix logic of cm_prepare_connection().Michael Adam1-25/+37
Do not attempt to do a session setup when in a trusted domain situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT). Use get_trust_pw_clear to get machine trust account. Only call this when the results is really used. Use the proper domain and account name for session setup. Michael (This used to be commit 18c66a364e0ddc4960769871ca190944f7fe5c44)
2007-12-13Refactoring out get_schannel_session_key logic.Michael Adam1-53/+39
Refactor the actual retrieval of the session key through the established netlogon pipe out of get_schannel_session_key() and get_schannel_session_key_auth_ntlmssp() into a new function get_schannel_session_key_common(). (To avoid code duplication.) Michael (This used to be commit e77c4022cfbb868e608edcb06b676658b0e201ad)
2007-12-13Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.Michael Adam1-2/+1
Michael (This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam4-8/+10
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Export logic of get_trust_pw() to new function get_trust_pw_clear().Michael Adam1-16/+58
get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael (This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13Refactor the lagacy part of secrets_fetch_trust_account_password() outMichael Adam1-13/+31
into a new function secrets_fetch_trust_account_password_legacy() that does only try to obtain the hashed version of the machine password directly from secrets.tdb. Michael (This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam4-55/+28
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13Streamline logic in cm_connect_netlogon()Michael Adam1-5/+6
by retrieving trust password only, when it will be used. Michael (This used to be commit cdc60d8ae8c0ef804206b20b451e9557f97d4439)
2007-12-13In cm_prepare_connection(), only get auth user creds if we need to.Michael Adam1-2/+2
Michael (This used to be commit 164bfb25d7b5cfeffeb4d81958b7629a11ca5d5e)
2007-12-13Remove two unneeded functions.Michael Adam1-23/+0
secrets_store_trust_account_password() and trust_password_delete() are the write access functions to the SECRETS/$MACHINE.ACC/domain keys in secrets.tdb, the md4 hashed machine passwords. These are not used any more: Current code always writes the clear text password. Michael (This used to be commit 4788fe392427901f6b1c505e3a743136ac8a91ca)
2007-12-13Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam2-22/+60
This is a first patch aimed at fixing bug #4801. It is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
2007-12-12Fix typo.James Peach1-1/+1
(This used to be commit c8468a1bb49535f0467e1a83b4c8bc5c8dce834e)
2007-12-12Autoconf support for detecting DNS Service Discovery support.James Peach2-0/+38
Patch from Rishi Srivatsavai <rishisv@gmail.com>, with some adaptations. (This used to be commit 2dfe9525b9e6e7dcbac191c1fb6288e166d171e5)
2007-12-12Missed one strcpy call.Jeremy Allison1-1/+1
Jeremy. (This used to be commit b215fb1ad0d5bb3fa7084c2773845ce1dffb2173)
2007-12-12Add a portable version of strlcpy and strlcat and convertJeremy Allison1-36/+70
all strncpy/strcat calls to them. Convert all sprintf calls to snprintf. Safety first ! Jeremy. (This used to be commit eff2b368e891d523de38b43ced95798b74ae101e)
2007-12-12Fix bug #4784. Patch from Steve Langasek <vorlon@debian.org>.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 4f503ea8912eb787209c8df364bfdb161dbb212c)
2007-12-12Developer doesn't cut it - need #define test for NSS_WRAPPER.Jeremy Allison1-1/+1
Hopefully this should fix the buildfarm. Jeremy. (This used to be commit 087489b7f2a8cd5868b54dbed3f3eed5d0709ba7)
2007-12-12Only add the non-root escape on !developer.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a50c2d159c754c6ff88649ed859f2b3f9c24f6a1)
2007-12-12Fix the buildfarm until I figure out how to allowJeremy Allison1-0/+2
smbpasswd -L for non-root on the buildfarm only. Jeremy. (This used to be commit 1bb5ce824f800d967e2a92e946dd6ce7c4580b93)
2007-12-12Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>Jeremy Allison4-1/+21
Jeremy. (This used to be commit 0723760ba47a465d2ff5a22a680f1b5196eca7d8)
2007-12-12Make heimdal and MIT happy when iterating through auth data.Günther Deschner1-3/+3
Guenther (This used to be commit 507247dcbf0ef02825a6c5c5f313813714df2d99)
2007-12-12Vista SP1-rc1 appears to break against Samba-3.0.27aGuenther Deschner1-3/+3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jason, Jason Haar wrote: > Patched 3.0.28, compiled, installed and here's the log file. > > Hope it helps. BTW I don't think it matters, but this is on 32bit > CentOS4.5 systems. yes, it helps. Thanks for that. Very interesting, there are two auth data structures where the first one is a PAC and the second something unknown (yet). Can you please try the attached fix ? It should make it work again. Guenther - -- Günther Deschner GPG-ID: 8EE11688 Red Hat gdeschner@redhat.com Samba Team gd@samba.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd MPsZW4G31VOVu64SPjgnJiI= =Co+H -----END PGP SIGNATURE----- (This used to be commit c9adc07ca2a3bb1e0ea98e3b4f68e1a87e5c0196)
2007-12-12Fix logic and prevent segfaults in secrets trustdom tdb pack code.Michael Adam1-14/+14
New size calculation logic in tdb_trusted_dom_pass_pack() and tdb_sid_pack() used accumulated sizes as successive offsets to buffer pointer. Michael (This used to be commit 9c24713b402978e74dc8691be5cab71d8666eb41)
2007-12-12Fix secrets_store_trusted_domain_password() after pstring removal.Michael Adam1-1/+1
Jeremy, this small "&" sign has given me a headache... :-) Michael (This used to be commit 7590b12a994cc3c5f299ce7f3299c76adad1c599)
2007-12-12Allow cliconnect to loop through multiple ip addressesJeremy Allison2-23/+130
for a server. We should have been doing this for a while, but it's more critical with IPv6. Original patch fixed up by James. Jeremy. (This used to be commit 5c7f7629a97ef0929e00e52f1fae4386c984000b)
2007-12-12Don't restart winbind if a corrupted tdb is found during initialization.Andreas Schneider2-17/+10
The tdb is validated before it gets initialized. Since then sighandlers changed a restart isn't needed anymore. (This used to be commit aabe9b33fcaed8af98b1ed6b736253e196d87d48)
2007-12-12winbindd: remove unused WINBINDD_DUMP_MAPS supportStefan Metzmacher6-178/+0
Also the design of this function was really bad, instead do the dump into a file, the client should get back the list of mappings. metze (This used to be commit ce7fe8acf41e90553431c7cda6823700701835c7)
2007-12-12winbindd: remove unused WINBINDD_DUAL_NAME2*ID and WINBINDD_DUAL_*ID2NAME callsStefan Metzmacher2-260/+0
WINBINDD_DUAL_UID2NAME WINBINDD_DUAL_NAME2UID WINBINDD_DUAL_GID2NAME WINBINDD_DUAL_NAME2GID metze (This used to be commit fd4499ee438e4947990200db529363d51bd2c956)
2007-12-12Add lp_include_registry_globals().Günther Deschner1-0/+5
Guenther (This used to be commit d30b945e99390761e405492e40c90e84da4fe482)
2007-12-12Some cleanups for "net dom join".Günther Deschner1-4/+9
Guenther (This used to be commit 3f426f394f3b1454c52d92331c14f41dd1474516)
2007-12-12Add split_domain_user() (not to mix with winbind variants).Günther Deschner1-0/+24
Guenther (This used to be commit bd5308e5f63e4f692761557d0ecdee7226b66a15)
2007-12-12Make decode_wkssvc_join_password_buffer() return WERRORs.Günther Deschner1-5/+14
Guenther (This used to be commit 88e9da2f14b41a62bdb478f9ffc2de66643bbf14)
2007-12-11Fix warning message about data type always true.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 0a3be0aad7220eb97fe39460e20f36c8ae9ce474)
2007-12-11Add patches for bug #4866 from jiri sasek - Sun Microsystems - Prague Czech ↵Jeremy Allison3-1/+15
Republic <Jiri.Sasek@Sun.COM> - slightly modified - Jiri please check ! to allow Solaris to get passwords > 8 chars. Jeremy. (This used to be commit 657bf8c3479d6192f269e3daef1517e77a9fa9cb)
2007-12-11winbindd: pass const char *logfile to winbindd_dump_maps_async()Stefan Metzmacher2-7/+15
metze (This used to be commit a52237e3a10aa4ac15cd9e7b859a54c46bfa9cdf)
2007-12-11Convert the posix_pending_close_db to dbwrap_rbtVolker Lendecke1-126/+130
(This used to be commit 841f4ccbfb5f79ac4f447342e9dd6ef73cacbc65)
2007-12-11separate out create_file_unixpath()Volker Lendecke1-171/+242
(This used to be commit deaacf971e0fbffd0e5fe24f225ebf645a77e133)
2007-12-11Move more stuff out of the wayVolker Lendecke1-7/+7
(This used to be commit ae422fce01cd7520d6dd72e08719a5cd003cb640)
2007-12-11Move INTERNAL_OPEN_ONLY calculation out of the wayVolker Lendecke1-4/+4
(This used to be commit 0e96549b56e288c596ed8772197f97ffa5ade300)
2007-12-11When building nsswitch, make sure to also build smbcontrol.Günther Deschner1-1/+2
Guenther (This used to be commit 3954313d4e3d3a782f0ba41afa5d81b7cc5adac9)
2007-12-11Replace "unknown" with access_mask when calling samr_CreateUser2().Günther Deschner3-8/+8
Guenther (This used to be commit cfc6e7a2e657ee55364b739d9fe0093e4f7c8b27)
2007-12-11winbindd: rename child table struct elementsStefan Metzmacher4-57/+150
Add struct_ prefix to struct based protocol specific elemetens struct winbindd_child_dispatch_table. metze (This used to be commit 4ab9a8aab72a8406659a72e87b2d2a1ec2a2eabf)
2007-12-11idmap: add a const to idmap_dump_maps()Stefan Metzmacher1-1/+1
metze (This used to be commit de31913f0a4fd407d935ec4e27a6123ab7847ab5)
2007-12-11vlp: Build vlp (virtual line printer) against current git on makeKai Blin1-1/+15
everything. (This used to be commit 212ab58a3a7f03bb97c6ad3430e2776f9faba7c9)
2007-12-10Don't need an fstring here, we can talloc.Jeremy Allison2-10/+9
Jeremy. (This used to be commit 3f6cc826378729c9157ea68e7cf5c7b584bbb585)
2007-12-10Ensure we have a non-null flags. Pointed out by Andreas Schneider ↵Jeremy Allison1-0/+7
<anschneider@suse.de>. Jeremy. (This used to be commit cafde6c37259de587d3775a2d229abd253d2376d)
2007-12-10Fix errors from next_token conversion. Spotted byJeremy Allison1-9/+5
Andreas Schneider <anschneider@suse.de>. Jeremy. (This used to be commit b40efc2fe63a3420b62fbf1ea8936112c5a24bdc)
2007-12-10Fix bug leftover from pstring conversion noticed by ceezJeremy Allison1-3/+1
on irc. Jeremy. (This used to be commit 70950b419a57465c38bb36722644b95b1d14f76d)
2007-12-10Remove two completely unnecessary globalsVolker Lendecke1-61/+51
Can someone look over this? To me it looks as if bufr was only made static to save a malloc during an included smb.conf file. I think that's pretty much pointless. (This used to be commit 068e8de72ceb49ef2e02cca1913b6d2197bab5e0)