1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

21513 Commits

Author SHA1 Message Date
Jeremy Allison
6beb519280 r21047: Hand marshalling hack from Martin Zielinski <mz@seh.de>
to allow Vista to upload printer drivers (it wants level 8
which we don't support yet). Downgrade in the same way
that Windows servers do.
Jeremy.
(This used to be commit 01c659692c)
2007-10-10 12:17:29 -05:00
Gerald Carter
594ab518a5 r21046: Backing out svn r20403 (Andrew's krb5 ticket cleanup
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).

We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87)
2007-10-10 12:17:29 -05:00
Gerald Carter
400f419580 r21036: Fix the ad nss info backend to not abort the search when called outside the idmap daemon
(This used to be commit 57160e3dd9)
2007-10-10 12:17:29 -05:00
Jeremy Allison
3bd12f9658 r21035: Remove unneeded checks on incoming uid/gid for
mknod (fifo) unix extensions code. Problem
discovered by Anders Karlsson <anders.karlsson@redhat.com>.
Jeremy.
(This used to be commit ec6033ad7c)
2007-10-10 12:17:28 -05:00
James Peach
f779904af5 r21034: Don't force user to have pidl in their PATH.
(This used to be commit 9e2118969d)
2007-10-10 12:17:28 -05:00
Günther Deschner
4a5868f3ca r21033: To make the logs a bit more readable let the winbind dc connect child
write to a separate logfile.

Guenther
(This used to be commit 0313edc0d6)
2007-10-10 12:17:28 -05:00
Günther Deschner
8751923635 r21021: Fix memleak.
Guenther
(This used to be commit 4e622572eb)
2007-10-10 12:17:28 -05:00
Günther Deschner
b979bf5686 r21020: Some pam_winbind fixes:
* make debug_state also configurable from the config file
* minor code cleanup

Guenther
(This used to be commit c562095953)
2007-10-10 12:17:28 -05:00
Günther Deschner
74f38589b3 r21019: Fix typo.
Guenther
(This used to be commit adb40884e0)
2007-10-10 12:17:28 -05:00
Günther Deschner
a6f30ced0a r21018: Removing the set_domain_online_request again in trustdom_recv().
Jeremy, we really can't do that. There are setups with hundred and more
trusted domains out there, I have one customer who tells me it takes
more then half an hour for him after winbind is up and running. That
request registers the check_domain_online_handler which in turn forks
off the child immediately. Also discussed with Volker.

Guenther
(This used to be commit ccd4812c0b)
2007-10-10 12:17:27 -05:00
Günther Deschner
3f9585018d r21016: Fix pam_sm_setcred again.
Jerry, the switch statement must ignore the PAM_SILENT flag.

Guenther
(This used to be commit 46d23c72bf)
2007-10-10 12:17:27 -05:00
Gerald Carter
05ec639127 r21015: fix typo that breaks the build
(This used to be commit f82a517530)
2007-10-10 12:17:27 -05:00
Gerald Carter
db99a55c10 r21014: move some functionss to winbindd_group.c and make static
(This used to be commit af5a2fa9ec)
2007-10-10 12:17:27 -05:00
Gerald Carter
45aa381a77 r21013: * Remove "inline" keyword
* Remove anpther check for PAM_SILENT that prevents logging to syslog
* Add missing check for TRY_FIRST_PASS when using authtok (missed
  from previous merge)
(This used to be commit ed794f0872)
2007-10-10 12:17:27 -05:00
Gerald Carter
7e8a068a5e r21012: Patch from Danilo Almeida @ Centeris (via me):
Details: Improve PAM logging
- The improved logging is far tracking down PAM-related bugs
- PAM_SILENT was being mis-used to suppress syslog output instead of
  suppressing user output.  This lets PAM_SILENT still log to syslog.
- Allow logging of item & data state via debug_state config file option.
- Logging tracks the pam handle used.
(This used to be commit cc1a13a9f0)
2007-10-10 12:17:27 -05:00
Gerald Carter
76fd8f8e1d r21011: Another patch from Danilo Almeida @ Centeris (via me):
Details: Reset the "new password prompt required" state whenever
we do a new auth.  In more detail, in pam_sm_authenticate, if not
settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially
present PAM_WINBIND_NEW_AUTHTOK_REQD.
(This used to be commit 402e859475)
2007-10-10 12:17:26 -05:00
Gerald Carter
6ff9007252 r21010: fix the pstring change in ntlm_auth for require-membership-of in ntlm_auth
(This used to be commit 2d877e41d1)
2007-10-10 12:17:26 -05:00
Gerald Carter
df1e2693dc r21009: Patch from Danilo Almeida @ Centeris (via me).
Patch details:

Support most options in pam_winbind.conf; support comma-separated names in
require-membership-of.  Details below:

1) Provides support for almost all config options in pam_winbind.conf
   (all except for use_first_pass, use_authtok, and unknown_ok).

 - That allows us to work well when invoked via call_modules from
   pam_unix2.conf as well as allowing use of spaces in names used
   w/require_membership_of.

2) Support for comma-separated list of names or SID strings in
   require_membership_of/require-membership-of.

 - Increased require_membership_of field in winbind request from fstring
   (256) to pstring (1024).

 - In PAM side, parse out multiple names or SID strings and convert
   all of them to SID strings.

 - In Winbind side, support membership check against multiple SID strings.
(This used to be commit 4aca986489)
2007-10-10 12:17:26 -05:00
Herb Lewis
d070271a15 r21007: move $(SOCKET_WRAPPER_OBJ) to OBJ definition instead of link line like
all other uses - merge from 3_0_24
(This used to be commit 99172f56c0)
2007-10-10 12:17:26 -05:00
Volker Lendecke
a24714b9fd r21005: Add a debug message for EAGAIN error of setresuid.
Volker
(This used to be commit 70c589a832)
2007-10-10 12:17:26 -05:00
Jim McDonough
3f70efd4f9 r21004: Patch from Mathias Dietz <MDIETZ@de.ibm.com> to fix multi-node
sharemodes in gpfs.
(This used to be commit 61841b225c)
2007-10-10 12:17:26 -05:00
Günther Deschner
4b147350b8 r21003: Display LDAP base in debug statement.
Guenther
(This used to be commit fb5830f87a)
2007-10-10 12:17:25 -05:00
Herb Lewis
109bebe1f8 r21002: Get rid of unused macros - merge change from 3_0_24
(This used to be commit 9d23cf0cc4)
2007-10-10 12:17:25 -05:00
Gerald Carter
a31f10c99e r21001: * Use a simple '#define LDAPMessage void' to fix the build
problems in the nss_info interface when HAVE_LDAP is undefined.
* Revert previous ifdef HAVE_ADS brakets
* Remove an unused init function wrapper.
(This used to be commit 2ba353848b)
2007-10-10 12:17:25 -05:00
Volker Lendecke
25f1710991 r20998: Fix debug message
(This used to be commit a5a1c8c785)
2007-10-10 12:17:25 -05:00
Andrew Bartlett
b0d4004396 r20996: Build fix from Kai Blin
(This used to be commit 91fdbd4cf5)
2007-10-10 12:17:24 -05:00
James Peach
a1f0af5205 r20994: Remove unused code.
(This used to be commit 8052a18f29)
2007-10-10 12:17:24 -05:00
Gerald Carter
e2757521bb r20993: temporary build fix to get things going again on non-ADS systems
(This used to be commit 8c23158f05)
2007-10-10 12:17:24 -05:00
Gerald Carter
a4faa575a4 r20992: another attempt at fixing the build breakage
(This used to be commit 7011a1b5ab)
2007-10-10 12:17:24 -05:00
Gerald Carter
1ce7cc1918 r20987: fix build farm breakage when ADS support is not present (caused by nss_info_methods API)
(This used to be commit 4982be3121)
2007-10-10 12:17:24 -05:00
Gerald Carter
b9b26be174 r20986: Commit the prototype of the nss_info plugin interface.
This allows a provider to supply the homedirectory, etc...
attributes for a user without requiring support in core
winbindd code.  The idmap_ad.c module has been modified
to provide the idmap 'ad' library as well as the rfc2307 and sfu
"winbind nss info" support.

The SID/id mapping is working in idmap_ad but the nss_info
still has a few quirks that I'm in the process of resolving.
(This used to be commit aaec0115e2)
2007-10-10 12:17:23 -05:00
Gerald Carter
78f5f4b260 r20985: leave room for terminating NULL when printing password hashes via 'pdbedit -L -w'
(This used to be commit 2a7311db27)
2007-10-10 12:17:22 -05:00
Volker Lendecke
db8ee51cf2 r20982: Fix a segfault -- I wonder why my make test did not show this earlier...
(This used to be commit 4984b0627c)
2007-10-10 12:17:22 -05:00
Volker Lendecke
7556355b28 r20979: Fix description, thanks to Michael Adam <ma@sernet.de>
(This used to be commit 4610465d7f)
2007-10-10 12:17:22 -05:00
Günther Deschner
aeb834036d r20970: Allow to define workstation for samlogon in rpcclient (for testing).
Guenther
(This used to be commit 5d4747fdf2)
2007-10-10 12:17:22 -05:00
James Peach
23e227ac39 r20966: Only attempt to reload the config file atfer the fork point if we
are in daemon mode. If we are in inetd mode, there's really no point
in rechecking it so soon.
(This used to be commit 029d4bb5e3)
2007-10-10 12:17:22 -05:00
James Peach
24e25ae761 r20965: Fix spelling.
(This used to be commit 0eb19b5728)
2007-10-10 12:17:21 -05:00
Gerald Carter
37cc3e3d62 r20951: Remove the DOM_SID field in the struct idmap_domain and bounce
domain SID lookups through the struct winbindd_domain *domain_list
by searching by name.

Refactor the order lookup when searching for the correct idmap_domain
to a single function and remove the requirement that the default
domain be listed first in the config file.

I would still like to make the idmap_domain array a linked list and
remove the existing code which makes use of indexes into the list.

Basic testing with tdb pans out ok.
(This used to be commit e6c300829f)
2007-10-10 12:17:21 -05:00
Volker Lendecke
0de21e9515 r20933: Fix the build without inotify
(This used to be commit 4587d80972)
2007-10-10 12:17:21 -05:00
Volker Lendecke
420e577004 r20932: This is the basic infrastructure for inotify support. This is far from being
complete, in particular the various mask bits are not correctly supported
yet. Checkin in now, I want to see how the build farm likes it.

Volker
(This used to be commit c9a5d011a9)
2007-10-10 12:17:21 -05:00
Volker Lendecke
d5206610cd r20931: This changes the notify infrastructure from a polling-based to an event-driven
based approach. The only remaining hook into the backend is now

	void *(*notify_add)(TALLOC_CTX *mem_ctx,
			    struct event_context *event_ctx,
			    files_struct *fsp, uint32 *filter);

(Should we put this through the VFS, so that others can more easily plug in?)

The trick here is that the backend can pick filter bits that the main smbd
should not handle anymore. Thanks to tridge for this idea.

The backend can notify the main smbd process via

void notify_fsp(files_struct *fsp, uint32 action, char *name);

The core patch is not big, what makes this more than 1800 lines are the
individual backends that are considerably changed but can be reviewed
one by one.

Based on this I'll continue with inotify now.

Volker
(This used to be commit 9cd6a8a827)
2007-10-10 12:17:21 -05:00
Jeremy Allison
57881f7494 r20917: Fix missing error returns pointed out by "Li, Ying (ESG)" <ying.li2@hp.com>
Jeremy.
(This used to be commit 78387b3cd2)
2007-10-10 12:17:20 -05:00
Jeremy Allison
aacd16e7c4 r20916: Add in the delete on close final fix - but only enabled
with -DDEVELOPER.
Jeremy.
(This used to be commit 7f817067a7)
2007-10-10 12:17:19 -05:00
Jeremy Allison
cce97a9b50 r20915: Fixed the bad merge from 3.0.24.
Jeremy.
(This used to be commit 018d7805b5)
2007-10-10 12:17:19 -05:00
Jeremy Allison
da35d24b68 r20914: Sync up incorrect differences between 3.0.24 and 3.0
Jeremy.
(This used to be commit a2222a565c)
2007-10-10 12:17:19 -05:00
Jeremy Allison
e5fbc269de r20913: Fix the build.
Jeremy.
(This used to be commit dce98dae2d)
2007-10-10 12:17:19 -05:00
Jeremy Allison
14889901e2 r20912: Ensure the list always remains sorted even when
moving events around.
Jeremy.
(This used to be commit 6fee874ab4)
2007-10-10 12:17:19 -05:00
Gerald Carter
600ef4f6f3 r20911: Fix copyright message in winbindd to use the macro from smb.h
(This used to be commit e635bad00e)
2007-10-10 12:17:18 -05:00
Gerald Carter
c47347ebe9 r20905: Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION if the pw
chnage fails due to policy settings where as 2003 (the chgpasswd3()
request) fails with NT_STATUS_PASSWORD_RESTRICTION.  Thunk down
to the same return code so we correctly retreive the password policy
in both cases.
(This used to be commit 262bb80e9c)
2007-10-10 12:17:18 -05:00
Gerald Carter
cf629dc495 r20904: This is a placeholder fix. Apparently Windows 2000
is sharing the IDL for the SAMR pipe with Windows 2003
but returning NT_STATUS_NOT_SUPPORTED rather than a DCE/RCE
fault.  We need to catch this in the general sense
by looking at the returned PDU size.  But this immediate
change fixes password changes via pam_winbind against Windows 2000
DCs.
(This used to be commit a3602cc6d4)
2007-10-10 12:17:18 -05:00