sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00
Code
20,123 Commits 60 Branches 1,146 Tags
Commit Graph

1191 Commits

Author SHA1 Message Date
Günther Deschner
b3ac5a586b r17366: Save the logon script path from the info3 in the PAM session allowing 
other PAM modules to pick it up from there.

Guenther
 2007-10-10 11:38:28 -05:00
Günther Deschner
62a8e0b089 r17365: Fix memleak. 
Guenther
 2007-10-10 11:38:28 -05:00
Volker Lendecke
fd82f185a2 r17363: Some C++ warnings 2007-10-10 11:38:28 -05:00
Volker Lendecke
21c8fa2fc8 r17345: Some C++ warnings 2007-10-10 11:38:26 -05:00
Gerald Carter
1a58745886 r17162: Fix typo small typos noticed by Paul Green. 2007-10-10 11:38:17 -05:00
Gerald Carter
8ee22eeab5 r17159: Bug 3920: Restore wnibind use default domain behavior for domain groups. 
This break local users and 'winbind nested groups' on domain members.
Cannot be helped.

My plans is to move the default domain crud to the client code (pam and
nss libraries) in 3.0.24.
 2007-10-10 11:38:17 -05:00
Gerald Carter
bc03141429 r17123: Fix 32bit/64bit portability issues again. 
NO NOT change the winbindd response or request structures
*unless* you test a 32bit wbinfo against a 64bit winbindd.
The structure sizes MUST be the same on 32bit and 64 bit
platforms.

The way to test is to build a 64bit version of Winbind as normal.
Then build a 32bit version using gcc -m32.  Now install the 64bit and
32bit versions of libnss_winbindd.so and launch the 64bit winbindd.
Make sure that the responses from both 32bit and 64bit versions
of wbinfo match.

If you don't understand the previous paragraph you don't need to
be changing nsswitch/winbindd_nss.h
 2007-10-10 11:38:13 -05:00
Günther Deschner
d73d0ec3d0 r17102: Fix segfault in libnss_wins [bugzilla #3937]. 
Guenther
 2007-10-10 11:38:12 -05:00
Gerald Carter
07c67fbfc0 r17021: remove unsupported smbwrapper code 2007-10-10 11:19:20 -05:00
Gerald Carter
8d62188258 r17017: BUG 3916: fix pam config file parsing in pam_winbind. 
Patch from Dietrich Streifert <dietrich.streifert@visionet.de>
 2007-10-10 11:19:20 -05:00
Andrew Bartlett
ed51b6293b r17007: Increment winbind protocol version number. 
Andrew Bartlett
 2007-10-10 11:19:18 -05:00
Andrew Bartlett
967292b713 r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1 
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
 2007-10-10 11:19:17 -05:00
Jeremy Allison
9dafb7f48c r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need 
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
 2007-10-10 11:19:14 -05:00
Günther Deschner
f2ebc0e3de r16941: Fix crash bug when the pam conversation receives an empty token. 
Thanks to Bjoern Jacke for the report and test-case.

Guenther
 2007-10-10 11:19:13 -05:00
Günther Deschner
df10448e2c r16940: libnscd sets errno, use that to display error message. 
Guenther
 2007-10-10 11:19:12 -05:00
Günther Deschner
4121ccfc3e r16939: Still clear the winbind_cache.tdb when offline logons are not enabled. 
Guenther
 2007-10-10 11:19:12 -05:00
Günther Deschner
ebd3c547e5 r16823: Allow to call wbinfo --domain-info="" or --domain-info="." to get domain 
info for our own domain.

Guenther
 2007-10-10 11:19:11 -05:00
Simo Sorce
c139a2293b r16800: correct a probable cut&paste error 2007-10-10 11:19:11 -05:00
Günther Deschner
48ab7f4681 r16790: Fix memleak. 
Guenther
 2007-10-10 11:19:10 -05:00
Volker Lendecke
6fa928f96a r16755: Hunting warning has some benefits.... 
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.

Volker
 2007-10-10 11:19:10 -05:00
Jeremy Allison
c4896b17fa r16687: Fix bugs #3901, #3902, #3903 reported by jason@ncac.gwu.edu. 
Jeremy
 2007-10-10 11:19:08 -05:00
Jeremy Allison
5c5ea3152f r16678: Fix bug #3898 reported by jason@ncac.gwu.edu. 
Jeremy.
 2007-10-10 11:19:07 -05:00
Jeremy Allison
ee2b2d96b6 r16644: Fix bug #3887 reported by jason@ncac.gwu.edu 
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
 2007-10-10 11:19:05 -05:00
Jeremy Allison
4e7262c81a r16610: Subtle one from Klocwork #2076. If multiple flags 
are set in a winbindd request it might overwrite existing
state->response.extra_data.data values without freeing.
Jeremy.
 2007-10-10 11:19:03 -05:00
Günther Deschner
5853525f11 r16480: (Ugly) workaround before the set_dc_type_flags & friends cleanup: 
When trying to login using krb5 with a trusted domain account, we
need to make sure that our and the remote domain are AD.

Guenther
 2007-10-10 11:18:56 -05:00
Günther Deschner
098a87f492 r16479: When dcip_to_name failed to get the name of the ip in saf_servername we 
cannot put saf_name in the failed conn cache as it's uninitialized.
Store saf_servername (the ip) in that case.

Volker, please check.

Guenther
 2007-10-10 11:18:56 -05:00
Günther Deschner
d6b52e8181 r16475: destroy talloc ctx when we weren't able to collect onlinestatus 
messages.

Guenther
 2007-10-10 11:18:56 -05:00
Günther Deschner
dfbe555c69 r16474: There is no point in figuring out lockout policies if we do not allow 
offline logons at all.

Guenther
 2007-10-10 11:18:55 -05:00
Günther Deschner
520777f794 r16473: There is no point in calling set_dc_type_and_flags() before each 
pam_auth login (when using kerberos).

Guenther
 2007-10-10 11:18:55 -05:00
Jeremy Allison
e83c3e0a65 r16422: winbindd_demote_client isn't used and generates 
a Klocwork issue (#1844). Remove it
Jeremy.
 2007-10-10 11:18:52 -05:00
Volker Lendecke
8a5cebc19e r16361: Fix Klocwork ID 1731 1770 1771 1775 1796 
Volker
 2007-10-10 11:18:49 -05:00
Jeremy Allison
09c8973286 r16358: ALWAYS compile this stuff on a 64-bit box before 
checking in. size_t != uint32 on a 64-bit machine.
Jeremy.
 2007-10-10 11:18:48 -05:00
Günther Deschner
d8fd94648f r16349: Another fix to make winbind more robust in large domains: 
We may only feed rpc_useraliases with chunks of 1024 entries.  This is
important as the token generation otherwise fails when a user is member
of more then 1024 groups.

Volker, please check.

Guenther
 2007-10-10 11:17:37 -05:00
Jeremy Allison
938545f535 r16285: On a 64-bit box, size_t != uint32. Ensure we use 
the right parameter type.
Jeremy.
 2007-10-10 11:17:31 -05:00
Jeremy Allison
face01ef01 r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned 
int
in a format string.
Jeremy.
 2007-10-10 11:17:31 -05:00
Günther Deschner
5ecfaf7d50 r16222: Fix DEBUG statements. 
Guenther
 2007-10-10 11:17:26 -05:00
Günther Deschner
58a7c09003 r16221: No need for friednly error messages at log level 10. 
Guenther
 2007-10-10 11:17:26 -05:00
Volker Lendecke
b5602cc4f1 r16196: A bit of defensive programming: 
Klocwork ID 1773 complained about oldest being dereferenced in line 2275 where
it could be NULL. I think you can construct extreme racy conditions where this
actually could happen.

Volker
 2007-10-10 11:17:24 -05:00
Günther Deschner
65643d3172 r16192: Fix timeformats in the winbind response struct. 
(pam_winbind users were forced to change a password inappropriately)

Guenther
 2007-10-10 11:17:23 -05:00
Günther Deschner
e7d2b84aba r16187: Fix memleak. 
Guenther
 2007-10-10 11:17:23 -05:00
Günther Deschner
aeff1f0c47 r16154: Fix winbind function table typo. 
Guenther
 2007-10-10 11:17:23 -05:00
Günther Deschner
3a738a855d r16114: Make winbindd's group enumeration (set|get|endgrent) work again (when 
enabled).

Do not bail out when a group just has 0 members.

Jeremy, please check, this has been removed with r13915.

Guenther
 2007-10-10 11:17:21 -05:00
Günther Deschner
8759a00fed r16080: Re-add accidentially excluded in-forest domain trusts (fixes bug #3823). 
Guenther
 2007-10-10 11:17:20 -05:00
Günther Deschner
3c9416c2be r15985: Adding "own-domain" switch to wbinfo which is handy from time to time. 
Guenther
 2007-10-10 11:17:16 -05:00
Günther Deschner
29758ea1c4 r15984: Correctly handle the case when there is no configuration file for 
pam_winbind.

Guenther
 2007-10-10 11:17:16 -05:00
Günther Deschner
216125fe13 r15983: Honour the krb5 principal name change (of the new ads join code) in the 
kerberized winbind pam_auth.

Guenther
 2007-10-10 11:17:16 -05:00
Günther Deschner
3f5a2e49c1 r15982: Fix confusing order of DEBUG statements in winbindds pam_auth. 
Guenther
 2007-10-10 11:17:16 -05:00
Günther Deschner
4addabd054 r15977: Fillup the password_policy method in winbindd for winbindd_passdb. This 
should make pam_winbind work again on a Samba PDC (and fix Bug #3800).

Guenther
 2007-10-10 11:17:16 -05:00
Günther Deschner
2678582c6c r15976: Set our internal domains to "online" by default in winbindd. 
Guenther
 2007-10-10 11:17:16 -05:00
Volker Lendecke
b1244e7906 r15904: This does two things: 
Fix more potential segfaults when something on our way to a DC connection
fails.

We can not continue if dcip_to_name() fails. With

192.168.234.100 nt4pdc
192.168.234.100 windows#1c
192.168.234.100 windows#1b

in the lmhosts file when nt4pdc is rebooted, we do find the DC's IP address,
we can connect to TCP 139 while it is booting but anything else fails. So we
fall back to put the IP address into domain->dcname. When the DC is fully up
later on we try to do the auth2 against \\192.168.234.100 which gives
INVALID_COMPUTER_NAME. And we never get out of this loop again.

Fix this.

Jerry, maybe you can take a look.

Thanks,

Volker
 2007-10-10 11:17:12 -05:00