1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

20184 Commits

Author SHA1 Message Date
Volker Lendecke
413ec64f27 r17022: Fix the build farm -- maybe this is the real fix, testing more
(This used to be commit 19d0269000)
2007-10-10 11:19:20 -05:00
Gerald Carter
0ea9508d53 r17021: remove unsupported smbwrapper code
(This used to be commit 07c67fbfc0)
2007-10-10 11:19:20 -05:00
Gerald Carter
803748b15d r17017: BUG 3916: fix pam config file parsing in pam_winbind.
Patch from Dietrich Streifert <dietrich.streifert@visionet.de>
(This used to be commit 8d62188258)
2007-10-10 11:19:20 -05:00
Volker Lendecke
f8004328f4 r17016: Different and smaller fix for the valid users = username problem.
If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.

Volker
(This used to be commit f6e3ee147f)
2007-10-10 11:19:20 -05:00
Volker Lendecke
de4492b28d r17011: Back out r17010 after talking to Jerry. Another fix pending...
Volker
(This used to be commit 7a629118ee)
2007-10-10 11:19:19 -05:00
Volker Lendecke
a85395e0f5 r17010: If winbind is not around, add S-1-22-1-<uid> to the user's token.
See the comment in the patch for the reason.

Volker
(This used to be commit 5e07ab750a)
2007-10-10 11:19:19 -05:00
Andrew Bartlett
97859aeb80 r17007: Increment winbind protocol version number.
Andrew Bartlett
(This used to be commit ed51b6293b)
2007-10-10 11:19:18 -05:00
Andrew Bartlett
0dc8f720e1 r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b713)
2007-10-10 11:19:17 -05:00
Jeremy Allison
de5d967505 r17003: Fix coverity #303 - possible null deref. Jerry please
check this is your new code.
Jeremy.
(This used to be commit 144067783d)
2007-10-10 11:19:17 -05:00
Jeremy Allison
75a2f4dbc8 r17000: Allow CIFS POSIX locks to coexist with Windows locks.
We shouldn't allow this on the same smbd, but the cifsfs
client negotiates POSIX locks then sends Windows ones.
Doh ! Can't fix shipped client code....
Jeremy.
(This used to be commit 2f8cabe98d)
2007-10-10 11:19:17 -05:00
Gerald Carter
23afde616d r16998: patch from Paul Griffith <paulg@cs.yorku.ca> to fix compile of the test.c pdb file
(This used to be commit 34ad8e183c)
2007-10-10 11:19:17 -05:00
Gerald Carter
9846cf3daf r16997: Simo's patch (based on repotr from Seth Elssworth of Quest) to try to be more robust in the precense of more broken /etc/hosts files when determining our fwdn
(This used to be commit 6413df8348)
2007-10-10 11:19:17 -05:00
Jeremy Allison
f8be59e0a6 r16994: Fix bug #3923, reported by jason@ncac.gwu.edu. Incorrect type
used.
Jeremy.
(This used to be commit 738b99078c)
2007-10-10 11:19:17 -05:00
Jeremy Allison
8dbe2651d3 r16992: Fix bug #3922 reported by jason@ncac.gwu.edu, correctly
look at the return code.
Jeremy.
(This used to be commit f11933b3ac)
2007-10-10 11:19:17 -05:00
Jeremy Allison
67854e8439 r16990: Fix bug #3921 spotted by jason@ncac.gwu.edu. Correctly
obey blocking/non-blocking request for POSIX locks.
Jeremy.
(This used to be commit f62c01316e)
2007-10-10 11:19:16 -05:00
Jeremy Allison
1722226189 r16987: Fix the logic errors in ref-counting Windows locks.
Hopefully will fix the build farm. Still a few errors
in RAW-LOCK to look at though...
Jeremy.
(This used to be commit edd72d37de)
2007-10-10 11:19:16 -05:00
Jeremy Allison
297df32751 r16973: Fix subtle logic error in lock ref counting found by
cifsfs client code.
Jeremy.
(This used to be commit 53094435d8)
2007-10-10 11:19:16 -05:00
Jeremy Allison
4ef1f8e425 r16971: Ensure we use the correct separator for pathnames
in POSIX mode (clitar needs fixing too). Add test
posix lock/unlock commands.
Jeremy.
(This used to be commit 596497ccc2)
2007-10-10 11:19:16 -05:00
Jeremy Allison
725d88b6d4 r16968: The function parse_processed_dfs_path() is dependent on the
fact that check_path_syntax() will convert '\\' characters to '/'.
When POSIX pathnames have been selected this doesn't happen, so we
must look for the unaltered separator of '\\' instead of the modified '/'.
Stevef please check this with the CIFSFS MS-DFS code !
Jeremy
(This used to be commit 883bb398e5)
2007-10-10 11:19:16 -05:00
Jeremy Allison
760671b0e2 r16962: Add a few utility fns into client. Allow POSIX capabilities
to be selected.
Jeremy.
(This used to be commit 2d8d4bd77b)
2007-10-10 11:19:16 -05:00
Volker Lendecke
6dfccad564 r16960: Some warnings from host "opi"
(This used to be commit 083ef11cc9)
2007-10-10 11:19:15 -05:00
Gerald Carter
69f0c8aef1 r16957: fix cut-n-paste error. The check for 'if (\!salt)' make no sense when fetching the DES salting principal
(This used to be commit baf554c793)
2007-10-10 11:19:15 -05:00
Volker Lendecke
361fef49c5 r16955: Fix an uninitialized var -- Jerry, please check.
(This used to be commit bf701f5129)
2007-10-10 11:19:15 -05:00
Gerald Carter
751ad57534 r16954: Volker reminded me we already have code to do this check.
Reuse can_create() to prevent renameing a group to
an existing user or group.
(This used to be commit ce7091fda1)
2007-10-10 11:19:15 -05:00
Gerald Carter
7c1f79143b r16953: Don't allow groups to be renamed to an existing user or other group
(This used to be commit 7d619f127e)
2007-10-10 11:19:15 -05:00
Gerald Carter
060b155cd2 r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67)
2007-10-10 11:19:15 -05:00
Jeremy Allison
6d29166997 r16948: Sync the exmaples code from trunk.
Jeremy.
(This used to be commit 508ba05a8e)
2007-10-10 11:19:14 -05:00
Jeremy Allison
65586c226c r16947: Fix warning with profile separator when profiles not
being used.
Jeremy.
(This used to be commit 441c289fd2)
2007-10-10 11:19:14 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Jeremy Allison
5bf62a0c3c r16943: Add Jim's code.
Jeremy.
(This used to be commit f131bf8f16)
2007-10-10 11:19:13 -05:00
Günther Deschner
6139f49d60 r16941: Fix crash bug when the pam conversation receives an empty token.
Thanks to Bjoern Jacke for the report and test-case.

Guenther
(This used to be commit f2ebc0e3de)
2007-10-10 11:19:13 -05:00
Günther Deschner
510b81b428 r16940: libnscd sets errno, use that to display error message.
Guenther
(This used to be commit df10448e2c)
2007-10-10 11:19:12 -05:00
Günther Deschner
44f2d54db2 r16939: Still clear the winbind_cache.tdb when offline logons are not enabled.
Guenther
(This used to be commit 4121ccfc3e)
2007-10-10 11:19:12 -05:00
Gerald Carter
5d80b1dcd5 r16927: back merge of a packaging fix for release numbers (from 3.0.23)
(This used to be commit 5b4c4928ac)
2007-10-10 11:19:12 -05:00
Volker Lendecke
66259d06fb r16866: No idea why I did not see the warning, sorry....
(This used to be commit 84913caebd)
2007-10-10 11:19:12 -05:00
Volker Lendecke
3899f95e1f r16865: This is a proposal to fix bug 3915. Before sending patches around, this is
what svn is for.

The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.

Volker
(This used to be commit 9ec5ccfe85)
2007-10-10 11:19:12 -05:00
Volker Lendecke
fc4abcf028 r16864: Intermediate checkin -- swap the sid_check_is_in_unix_users and
sid_check_is_in_our_domain cases.

Volker
(This used to be commit dc403cec88)
2007-10-10 11:19:12 -05:00
Günther Deschner
7048040be8 r16862: Reverting accidential changes in ads_try_connect() from previous commit.
Guenther
(This used to be commit 6257f9af93)
2007-10-10 11:19:12 -05:00
Günther Deschner
f3e71c6072 r16861: Fixing crash bug when passing no domain/realm name to the CLDAP request.
Guenther
(This used to be commit 863aeb621a)
2007-10-10 11:19:11 -05:00
Gerald Carter
03d116a1b7 r16845: Properly report the error during join when the set password fails
(This used to be commit ef6e9ca527)
2007-10-10 11:19:11 -05:00
Günther Deschner
67d8c7432f r16836: When receiving a CLDAP reply make sure that we always store the correct
netbios domain name in server affinity cache.

Guenther
(This used to be commit 08958411ee)
2007-10-10 11:19:11 -05:00
Günther Deschner
57dd09939a r16823: Allow to call wbinfo --domain-info="" or --domain-info="." to get domain
info for our own domain.

Guenther
(This used to be commit ebd3c547e5)
2007-10-10 11:19:11 -05:00
Simo Sorce
99a0d5ca1e r16800: correct a probable cut&paste error
(This used to be commit c139a2293b)
2007-10-10 11:19:11 -05:00
Günther Deschner
d1a9ac533b r16799: Fix remote smbd crash bug by removing half-implemented info level 4
dfs_Enum.

Guenther
(This used to be commit 4e5ea585c3)
2007-10-10 11:19:11 -05:00
Günther Deschner
3dc4d79a44 r16797: Add msdfs proxy junctions in the netdfs rpc enumeration.
Guenther
(This used to be commit 6bf350895a)
2007-10-10 11:19:11 -05:00
Günther Deschner
ed8a9c82fe r16790: Fix memleak.
Guenther
(This used to be commit 48ab7f4681)
2007-10-10 11:19:10 -05:00
Jeremy Allison
192062c4a6 r16789: Fix bug #3909, when using ea's getting a directory tries to
read ea's from an msdfs link. Stop it from doing that.
Jerry please merge to 3.0.23.
Jeremy.
(This used to be commit 95e5ace6b4)
2007-10-10 11:19:10 -05:00
Gerald Carter
26c0b81d75 r16785: BUG 3908: Fix rpc bin authentication failure which broke user password changes
Jeremy, please review.
(This used to be commit 154e4a2815)
2007-10-10 11:19:10 -05:00
Volker Lendecke
355cbde8df r16766: A warning found by RHEL3. This might actually be 3.0.23 code, maybe there are
vasprintf implementations that don't like a NULL format.

Volker
(This used to be commit 03c665c307)
2007-10-10 11:19:10 -05:00
Volker Lendecke
fe33a3829a r16755: Hunting warning has some benefits....
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.

Volker
(This used to be commit 6fa928f96a)
2007-10-10 11:19:10 -05:00