summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21953: One format fix, clarify a condition that the IBMJeremy Allison2-3/+21
checker was worried about. Jeremy. (This used to be commit 70eec7b8ae6a4992b43df853dffc21dd91498390)
2007-10-10r21952: Fix critical (!) error found by IBM checker.Jeremy Allison1-22/+28
Missing break statements meant that no info levels would ever be returned correctly from POSIX open/mkdir. Jeremy. (This used to be commit ae5761ccc66b35b66ca4fa90aef02d8be1564737)
2007-10-10r21950: After discussion with the Apple and Linux client maintainers,James Peach4-3/+17
changing the FindFirst response for the UNIX_INFO2 level to include a length field before the name. The name is not required to be null terminated. The length field does not count any null. Also add call to chflags(2) in the default VFS module so that this will work be default on BSD-derived platform. Add UNIX-INFO2 test to the build farm to get some non-BSD coverage. Jeremy and Jerry, please review for inclusion in 3.0.25. (This used to be commit e7b21b1ef3f79c0df2bae5f15c345ef74292c404)
2007-10-10r21948: Fix valgrind error in build farm samba3 smbtorture. We wereJeremy Allison1-0/+2
using an uninitialized buffer for read/write tests. Jeremy. (This used to be commit e27d094620178f316bf79540164bbfe6ff3a3851)
2007-10-10r21947: Fix the equivalent of memcpy(x, x, 16). FoundJeremy Allison1-1/+3
by valgrind on the build farm. Jeremy. (This used to be commit 6eed92dfd4da1f9979831bec8e0dcdee33fb53b4)
2007-10-10r21944: move acl header checks to the correct place onlyStefan Metzmacher2-2/+2
jeremy: please merge this to 3.0.25:-) metze (This used to be commit 874164e365b77947d5c514b2a77c6aae0f42599e)
2007-10-10r21942: Hoist by our own petard :-). Older smbclient binariesJeremy Allison1-2/+2
were not able to connect to the rewritten dfs code as they set the dfs flag bit but then send local paths. Now that our dfs code is a *lot* more robust in detecting this sort of braindamage we can just call into it directly on getting a DFS flag and let the parser sort it out without having to check it's actually connecting to a dfs enabled share (I'm proud of this code :-). Jeremy. (This used to be commit 8c4d929c76ba56d59f651c57d1feb37d2916a436)
2007-10-10r21941: Attempt to fix bug 4460Volker Lendecke1-1/+1
(This used to be commit d1b8f00c122414e532cdb3da78f84d55698cbc10)
2007-10-10r21940: Sorry Volker, I have to revert your revert in r21935.Gerald Carter4-11/+48
We can talk about this later if you still feel that strongly but I need to fix the build for now. (This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
2007-10-10r21939: Fix missing initialization thatJeremy Allison1-1/+1
broke the build farm. Thanks to Metze for the heads up. Jeremy. (This used to be commit bb3623be3f2b0686b2b2e671e3e7bd9978f6ed9b)
2007-10-10r21935: Revert obviously not sufficiently tested code -- sorry for the pain. ↵Volker Lendecke4-48/+11
I am afraid I was basically off the net for the day (This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
2007-10-10r21934: fix the build sorryStefan Metzmacher1-1/+1
metze (This used to be commit 184c4619773f786c5299499e121e485b7545764f)
2007-10-10r21933: Change the write_sock() call in pam_winbind_request()Gerald Carter1-1/+1
to not request a privileged pipe operation for everything as this cannot be done from a process running under the context of a user (e.g. screensaver). Thanks to Danilo Almeida <dalmeida@centeris.com> for the help in pointing out the change to write_sock(). (This used to be commit 80790f935abc8905542338b08f54d61ebacf2ff1)
2007-10-10r21932: fix compiler warning.Stefan Metzmacher1-1/+1
maybe also for 3.0.25 metze (This used to be commit 844dac912cb549b0524571df80fbaa7f2d9c36c2)
2007-10-10r21931: include acl/libacl.h is presentStefan Metzmacher2-1/+6
I'm not sure if this should go into 3.0.25... it fixes a compiler warning about a missing acl_get_perm() prototype metze (This used to be commit 4b67f94c6a148d6fecaa90d66ce6893b5feb370a)
2007-10-10r21927: Removed unused variable.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2d951c91a5ac9779dcb124190e3e7f86cee9efdf)
2007-10-10r21926: Fix missing enum specifier pointed out by Don McCall @ HP.Jeremy Allison4-17/+17
Thanks Don ! Jeremy. (This used to be commit 662344d1ec3593689de7602afa518ed98e10dc37)
2007-10-10r21925: Start to code up the gss acquire creds calls.Jeremy Allison1-6/+32
Jeremy. (This used to be commit 4a7fbc88520e8f5dfe53a7c5da68040271149da3)
2007-10-10r21923: Add in the gss decrypt.Jeremy Allison1-3/+45
Jeremy. (This used to be commit 00f58951b4cace06e51e7eb404605c7f3d366f38)
2007-10-10r21922: Fixed the build by rather horrid means. I really needJeremy Allison7-100/+81
to restructure libsmb/smb_signing.c so it isn't in the base libs path but lives in libsmb instead (like smb_seal.c does). Jeremy. (This used to be commit 1b828f051d0782201f697de15ff973bd6b097d5b)
2007-10-10r21919: now that the local passdb abd BUILTIN have been blacklisted and they ↵Simo Sorce1-15/+0
always point to the passdb module, remove this comment and move the explanation in the dimap_ad man page. Simo. (This used to be commit 58d2ec00d241f0ea8f9e165518b29bd35d2dc199)
2007-10-10r21918: Reverting this change as it is now causing aborts() inGerald Carter1-6/+1
find_builtin_domain(). This all needs more testing before anyone starts changing these lookup routines again. (This used to be commit add225e1c8fef1d3ddb7fd43c1744858df45ecfd)
2007-10-10r21917: Start to do the gss versions of sign+seal.Jeremy Allison4-28/+85
Jeremy. (This used to be commit a226645353a40047b72de1b96c3a7676a2bf1034)
2007-10-10r21916: Fix couple of "return" calls on void functions.Jeremy Allison1-2/+10
Ensure we ignore reqests to free keepalive buffers as we only copied these. Jeremy. (This used to be commit a184bdbe3c7bf0c44a8141898bfcb9971a332312)
2007-10-10r21913: fix one bug in build 717: correctly check the return from ↵Gerald Carter1-1/+1
sid_peek_check_rid() when trying to find a matching domain (This used to be commit c63bc300376e5be10585366013449a359b0778c1)
2007-10-10r21912: There's no point checksumming the packet lengthJeremy Allison1-4/+4
this already has to be right. This makes the signed+sealed area the same as it will be with gss calls. Now to go implement them. Jeremy. (This used to be commit 80810af7d1137b3ddd3073581d5ec99fadaa81a5)
2007-10-10r21905: RenameGerald Carter2-11/+11
idmap expire time -> idmap cache time idmap negative time -> idmap negative cache time (This used to be commit aac2d0af5e870190e99317e8e88b22a9562485b4)
2007-10-10r21904: Fix HP build -- thanks, DonVolker Lendecke1-1/+1
(This used to be commit 57efba97b634728ae75901cb76b904a5d82986a4)
2007-10-10r21903: Get the length calculations right (I always forgetJeremy Allison1-16/+18
the 4 byte length isn't included in the length :-). We now have working NTLMSSP transport encryption with sign+seal. W00t! Jeremy. (This used to be commit d34584cb5c53c194693ce7236020ab83f60cd235)
2007-10-10r21902: Don't free the thing you're trying to set in the cli state.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 1639366561bd63d7023c54f811e2f87dcbbd0a31)
2007-10-10r21901: Don't use fstrcat when you mean fstrcpy. Doh !Jeremy Allison1-3/+4
Jeremy. (This used to be commit c7153411f1840e41470311db00d728e1461c56f6)
2007-10-10r21900: Token exchange now seems to work, now why does theJeremy Allison1-1/+1
client encrypt fail ? Jeremy. (This used to be commit 6bd7c05290909ef9f5f377dd141a64ed0d654134)
2007-10-10r21899: At least we're getting to stage 2 of the blobJeremy Allison1-4/+10
exchange. Still not working but closer. Jeremy. (This used to be commit 2fde5c703d2390bc6685f34713dc996e69732f1a)
2007-10-10r21898: Added test command, fixed first valgrind bugs.Jeremy Allison3-5/+49
Now to investigate why it doesn't work :-). Jeremy. (This used to be commit 73f7c6cef8371ad63eb1dc3e79bfc78503dbd7a4)
2007-10-10r21897: Add in a basic raw NTLM encrypt request. NowJeremy Allison7-20/+200
for testing. Jeremy. (This used to be commit 783a7b3085a155d9652cd725bf2960cd272cb554)
2007-10-10r21894: Some refactoring of server side encryption context. SupportJeremy Allison3-29/+149
"raw" NTLM auth (no spnego). Jeremy. (This used to be commit 6b5ff7bd591b4f65e2eb767928db50ddf445f09a)
2007-10-10r21893: Update comments so they actually reflect reality...Rafal Szczesniak1-3/+3
rafal (This used to be commit 8f313061a4cbc69d8dd17aa282d79d07a9275242)
2007-10-10r21892: Mini-Patch from MichaelVolker Lendecke1-2/+0
(This used to be commit 6cae3cf28155091a3951ecabd1c1b7e5c62d4c16)
2007-10-10r21891: Finish server-side NTLM-SPNEGO negotiation support.Jeremy Allison1-33/+75
Now for the client part, and testing. Jeremy. (This used to be commit 487706701f5f4a92c8fd1da1f29fb44491bac064)
2007-10-10r21888: Add the osname and osver options to 'net ads join' as discussedGerald Carter1-1/+94
on the samba-technical ml. I'll add a 'net ads set attribute=value' utility later rather than the original 'net ads setmachineupn' patch that was also posted to the tech ml. (This used to be commit 5035778ae4b3a5e445faa535c5caf00bc8d220d8)
2007-10-10r21887: Fix annoying bug where in a pam_close_session (or a pam_setcred with theGünther Deschner1-1/+29
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches. Make sure that only root can do this. Jerry, Jeremy, please check. Guenther (This used to be commit 947a59a849e9132631ec56b7ade09137e508d5d6)
2007-10-10r21885: Chown logic should be activated only if nfs4:chown=yesAlexander Bokovoy1-24/+26
(This used to be commit b10410634f6dac532a867be5506cf79886833828)
2007-10-10r21884: * Blacklist BUILTIN and MACHINE domains from theGerald Carter2-18/+31
idmap domains as these should only be handled by the winbindd_passdb.c backend * Allow the alloc init to fail for backwards compatible configurations like idmap backend = ad idmap uid = 1000-100000 .... * Remove the deprecated flags from idmap backend, et. al. These are mutually exclusive with the new configuration options (idmap domains). Logging annoying messages about deprecated parameters is confusing. So we'll try this apprpach for now. (This used to be commit 5e30807b4e9c0211c9e2c02deee94543e8f0d855)
2007-10-10r21883: Try and fix the build by removing the prototypes forJeremy Allison2-2/+10
functions that take a gss context handle in includes.h Jeremy. (This used to be commit 638b03242d4a6b1df2477dad19240ed61a14a5a3)
2007-10-10r21882: The server part of the code has to use an AUTH_NTLMSSP struct,Jeremy Allison7-80/+327
not just an NTLMSSP - grr. This complicates the re-use of common client and server code but I think I've got it right. Not turned on of valgrinded yet, but you can see it start to take shape ! Jeremy. (This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
2007-10-10r21881: Make sure we are very specific when testing whether a backand can ↵James Peach2-2/+9
handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review? (This used to be commit 86a70adb6a2d277f235857451bbee7d530d15310)
2007-10-10r21880: Make client and server calls into encryption code symetrical,Jeremy Allison4-93/+224
depending on encryption context pointer. Jeremy. (This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
2007-10-10r21879: Move process_blocking_lock_queue to a timed event.Volker Lendecke2-52/+72
The idea is that we have blocking.c:brl_timeout as a timed event that is present whenever we do have a blocking lock pending. It fires brl_timeout_fn() which calls process_blocking_lock_queue(). Whenever we make changes to blocking_lock_queue, we trigger a recalc_brl_timeout() which sets a new brl_timout event if necessary. This makes the call to blocking_locks_timeout_ms() in setup_select_timeout() unnecessary, this is implicitly done in event_add_to_select_args() from the timed events. Volker (This used to be commit 7e31b8ce21de803ac1f8967967393341a3f44ac3)
2007-10-10r21878: Fix a bug with smbd serving a windows terminal server: If winbind ↵Volker Lendecke5-12/+49
decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker (This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
2007-10-10r21877: Missed one line.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 184571e4b0283fb1a62c441f10429006656052c8)