1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

148 Commits

Author SHA1 Message Date
Andrew Bartlett
0dc8f720e1 r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b713)
2007-10-10 11:19:17 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Günther Deschner
ee1105754c r16154: Fix winbind function table typo.
Guenther
(This used to be commit aeff1f0c47)
2007-10-10 11:17:23 -05:00
Jeremy Allison
a05d9e7261 r15675: Man pages say never look at the fd_set after a select
if it returned -1 (treat as undefined). Ensure we obey
this.
Jeremy.
(This used to be commit 256ae3a16b)
2007-10-10 11:17:06 -05:00
Günther Deschner
a0ff50efa7 r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.
Guenther
(This used to be commit 9e15b1659c)
2007-10-10 11:16:43 -05:00
Günther Deschner
97355b7e35 r15150: Adding winbind debug class to the main daemon.
Guenther
(This used to be commit 37d03695c6)
2007-10-10 11:16:26 -05:00
Gerald Carter
8c9eb7631e r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit winbindd server
(This used to be commit a95d11345e)
2007-10-10 11:16:00 -05:00
James Peach
4fa5559800 r14898: This change is an attempt to improve the quality of the information that
is produced when a process exits abnormally.

First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.

Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.

Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d644)
2007-10-10 11:15:53 -05:00
Gerald Carter
e4998337e7 r14868: I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.

...

Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db)
2007-10-10 11:15:52 -05:00
Gerald Carter
6c9eaa6880 r14855: Various fixes:
* depreacte 'acl group control' after discussion with Jeremy
  and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
  turning _NO_WINBINDD back on
(This used to be commit 4ab372f4ca)
2007-10-10 11:15:51 -05:00
Stefan Metzmacher
250c02554e r14618: add --no-process-group to all server programms
to make the following possible:

timelimit 20000 bin/nmbd -F -S --no-process-group
timelimit 20000 bin/smbd -F -S --no-process-group

this is needed to 'make test' working without losing child processes

metze
(This used to be commit c3a9f30e2a)
2007-10-10 11:15:39 -05:00
Volker Lendecke
2b1641c994 r14480: Kill one boolean flag passed down :-)
(This used to be commit d9b85e3b28)
2007-10-10 11:15:33 -05:00
Günther Deschner
962e42caa5 r14474: Also flush the nscd caches before entering the main winbindd loop.
Guenther
(This used to be commit c81eb71834)
2007-10-10 11:15:33 -05:00
Günther Deschner
ef115ff314 r14468: Better fix to avoid winbind panic when we have an inproper configuration
and want to just shutdown and exit.

Guenther
(This used to be commit 0aa6328ed6)
2007-10-10 11:15:33 -05:00
Günther Deschner
5856fd510c r14467: Reverting 13660. This needs to be fixed differently.
Guenther
(This used to be commit 4157bfe9cf)
2007-10-10 11:15:31 -05:00
Günther Deschner
e18349b2bb r13660: Attempt to better handle the failure that we cannot find our sid upon
startup; don't panic, shutdown instead.

Guenther
(This used to be commit f209192e26)
2007-10-10 11:10:21 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Derrell Lipman
9c15bd311d r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500
lp_load() could not be called multiple times to modify parameter settings based
 on reading from multiple configuration settings.  Each time, it initialized all
 of the settings back to their defaults before reading the specified
 configuration file.

 This patch adds a parameter to lp_load() specifying whether the settings should
 be initialized.  It does, however, still force the settings to be initialized
 the first time, even if the request was to not initialize them.  (Not doing so
 could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769)
2007-10-10 11:06:18 -05:00
Volker Lendecke
608aa3f41e r12544: Fix segfaults in winbind, smbpasswd and net
(This used to be commit 9ca8edc26e)
2007-10-10 11:05:59 -05:00
Gerald Carter
ce0a1fa159 r11652: Reinstate the netsamlogon_cache in order to work
around failed query_user calls.  This fixes
logons to a member of a Samba domain as a user from a
trusted AD domain.

As per comments on samba-technical, I still need to add

(a) cache the PAC info as werll as NTLM net_user_info_3
(b) expire the cache when the SMB session goes away

Both Jeremy and Guenther have signed off on the idea.
(This used to be commit 0c2bb5ba7b)
2007-10-10 11:05:23 -05:00
Jeremy Allison
6d5757395a r11511: A classic "friday night check-in" :-). This moves much
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
2007-10-10 11:05:19 -05:00
Volker Lendecke
20299e5bf5 r11368: Remove a memleak that just cost me half an hour: If we terminate inside a
message handler, the list of messages from retrieve_all_messages is not
properly freed. Not important, just confusing :-)

Volker
(This used to be commit d20388750d)
2007-10-10 11:05:14 -05:00
Volker Lendecke
bd935df617 r11319: read_buf_len and write_buf_len are no longer used, remove them.
Volker
(This used to be commit 6948f748f6)
2007-10-10 11:05:11 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Gerald Carter
dab71bed4e r9588: remove netsamlogon_cache interface...everything seems to work fine. Will deal with any fallout from special environments using a non-cache solution
(This used to be commit e1de6f238f)
2007-10-10 11:03:22 -05:00
Gerald Carter
b2bfa0c775 r9330: Remove the classic dual daemon since it was not being used.
It was already gone in trunk anyways.
working on fixing BUG 3000 which does work now but we are flying
without a cache.
(This used to be commit 4936d6d8b2)
2007-10-10 11:00:33 -05:00
Gerald Carter
3cc6c5cf99 r9322: fixing debug log and ensuring that we set the right winbind_methods
pointer in get_cache() by requiring that all domain structure be
initialized with the set_dc_type_and_flags().
(This used to be commit c064609b94)
2007-10-10 11:00:33 -05:00
Jeremy Allison
19ca97a70f r7882: Looks like a large patch - but what it actually does is make Samba
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
2007-10-10 10:58:00 -05:00
Volker Lendecke
b62247f1ee r7785: This looks much larger than it is. It changes the top-level functions of the
parent winbind not to return winbindd_result. This is to hopefully fix all the
problems where a result has been scheduled for write twice.

The problematic ones have been the functions that might have been delayed as
well as under other circumstances immediately gets answered from the cache.

Now a request needs to be explicitly replied to with a request_error() or
request_ok().

Volker
(This used to be commit 7365c9accf)
2007-10-10 10:57:20 -05:00
Gerald Carter
1dfe111a09 r7454: couple of winbindd fixes
* make sure to use our domain as the account name in the net_req_auth2()
  request when running on a Samba DC
* make sure to lookup the correct domain (not default to ours) when getting an async
  getpwnam() call
(This used to be commit c9c3e3c122)
2007-10-10 10:57:09 -05:00
Gerald Carter
129b461673 r7440: * merge registry server changes from trunk (so far) for more
printmig.exe work
* merge the sys_select_signal(char c) change from trunk
  in order to keeo the winbind code in sync
(This used to be commit a112c5570a)
2007-10-10 10:57:09 -05:00
Gerald Carter
fed660877c r7415: * big change -- volker's new async winbindd from trunk
(This used to be commit a0ac9a8ffd)
2007-10-10 10:57:08 -05:00
Gerald Carter
450e8d5749 r7130: remove 'winbind enable local accounts' code from the 3.0 tree
(This used to be commit 318c3db4cb)
2007-10-10 10:57:01 -05:00
Volker Lendecke
83e11ba86c r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
(This used to be commit 3493d9f383)
2007-10-10 10:56:33 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Volker Lendecke
3b015a4cc7 r2470: Fix bug 1797: winbind and nmbd ignored "-l" option.
Thanks to Igor Zhbanov bsg@uniyar.ac.ru.

Volker
(This used to be commit 8a28475a0b)
2007-10-10 10:52:44 -05:00
Jeremy Allison
39a9c5dcc6 r2265: Volkers change to HEAD looks very good. Commit message
from HEAD follows :
While torturing winbind a bit I found the following unfortunate behaviour:

Sending multiple requests at a high rate for a slow operation exposed that no
response comes back until the last request in the queue has been
processed. This is an unfortunate result of serially going through all sockets> that have shown to be readable or writable. All client sockets become readable> at the same time, none of them is writable. We go through them, read the
request, process the complete request. Before we enter the select system call
the next time all requests have to have completed.

This patch optimizes this by first looking at the sockets for writability. A
write on a socket that came back from select does not block, so this
additional loop might have a non-zero cost, but it can't prevent other
operations from proceeding.

After a possibly long-running winbindd_process() we directly start select()
again. To avoid starvation the currently processed client is demoted to be the> last one in the list of clients.

Jeremy.
(This used to be commit bfdeb22c69)
2007-10-10 10:52:38 -05:00
Richard Sharpe
0804e231e4 r1557: Add sigchld handling to winbindd. Next step is to have the child restarted if
need be. We should also make sure the main line know we no longer have a child.
(This used to be commit e3dc7934b5)
2007-10-10 10:52:14 -05:00
Volker Lendecke
33c2230524 r1297: Yes, it does survive valgrind for my tests :-)
Check in the 'winbind proxy only' mode -- no new parameter required :-)

If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it
will only proxy the netlogon request and thus speed up the authentication of
domain users.

Volker
(This used to be commit 29235f0c69)
2007-10-10 10:52:05 -05:00
Gerald Carter
f7cf0aaa6f r294: checking in volker's winbindd patches; tested on domain members (Samba and AD) as well as on a Samba DC
(This used to be commit 157d53782d)
2007-10-10 10:51:17 -05:00
Gerald Carter
7af3777ab3 r116: volker's patch for local group and group nesting
(This used to be commit b393469d95)
2007-10-10 10:51:10 -05:00
Gerald Carter
8ef645c8a9 BUG 1182: patch from john.klinger@lmco.com (John Klinger) to reanable the -n 'no cache' option for winbindd
(This used to be commit d1848988d9)
2004-03-16 18:54:09 +00:00
Richard Sharpe
a01dfa47de Remove an unused parameter from reload_services_file.
(This used to be commit 0032c3f46a)
2004-01-29 00:10:40 +00:00
Stefan Metzmacher
86450924a0 update copyright to -2004
metze
(This used to be commit 12d6bc3bd0)
2004-01-11 13:23:50 +00:00
Andrew Bartlett
7d068355aa This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.

The routines used for this behaviour have been upgraded to modern Samba
codeing standards.

This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.

This is in line with existing behaviour for native mode domains, and for
our primary domain.

As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values.  These changes move more routines to ADS_STATUS to return
kerberos errors.

Also found when valgrinding the setup, fix a few memory leaks.

While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.

Andrew Bartlett
(This used to be commit 7c34de8096)
2004-01-08 08:19:18 +00:00
Volker Lendecke
fd35232584 Commit the translation of the realm to the netbios domain name in the kerberos
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.

Jerry: This is a change in behaviour, but I think it is necessary.

Volker
(This used to be commit 3ce6c9f273)
2004-01-04 11:51:31 +00:00
Andrew Bartlett
3f0d0002ae Add a comment, and a useful debug message.
(This used to be commit df14b0af31)
2003-11-25 23:24:14 +00:00
Andrew Tridgell
53dfaac5fb as discussed on irc, this is a small patch that allows a few more
winbind functions to be accessed via NSS. This provides a much cleaner
way for applications that need (for example) to provide name->sid
mappings to do this via NSS rather than having to know the winbindd
pipe protocol (as this might change).

This patch also adds a varient of the winbindd_getgroups() call called
winbindd_getusersids() that provides direct SID->SIDs listing of a
users supplementary groups. This is enough to allow non-Samba
applications to do ACL checking.

A test program for the new functionality will be committed shortly.

I also added the 'wbinfo --user-sids' option to expose the new
function in wbinfo.
(This used to be commit 702b35da0a)
2003-11-19 08:11:14 +00:00
Andrew Tridgell
e1c468477c a small include file rearrangement that doesn't affect normal
compilation, but that allows Samba3 to take advantage of pre-compiled
headers in gcc if available.
(This used to be commit b3e024ce1d)
2003-11-12 01:51:10 +00:00