summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Revert "Fix the "Premature end of data in tag" error when buiding the ↵Karolin Seeger2008-11-171-15/+3
| | | | | | manpage, fix a typo in the text, add an example for anonymization usage." This reverts commit abfdb52b60e84980d22e6c6c3479e67e20311b12.
* Revert "Note url explaining this code."Karolin Seeger2008-11-171-4/+0
| | | | This reverts commit 9953885d0be6a2477f5fd29940f3f1d6a7136cf4.
* Revert "Attempt to fix bug #5818 - "smbcacls: sorts ACEs improperly and ↵Karolin Seeger2008-11-171-157/+26
| | | | | | loses inheritance", based on" This reverts commit 5d2d94b46bd2ab03e2f83036b4d7fa3e401c3458.
* Revert "WHATSNEW: Update changes since 3.2.4."Karolin Seeger2008-11-171-68/+2
| | | | This reverts commit fac5f4c8421b371b22d337853f1f8241c3bdbc5b.
* Revert "WHATSNEW: Update changes since 3.2.4."Karolin Seeger2008-11-171-2/+1
| | | | This reverts commit ec9f180390852a9356df11412bc7478f48f52b43.
* Revert "Don't use debug level 1 to log a trivial message."Karolin Seeger2008-11-171-1/+1
| | | | This reverts commit 520dcfffe78bb079bbdad6de5a4cdc392527f4b8.
* Revert "Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client ↵Karolin Seeger2008-11-171-15/+1
| | | | | | acesses old server." This reverts commit f3b0e219f1a7660ff275db701935eecbe053fa25.
* Revert "Unify the logic in pull_ascii_base_talloc() and ↵Karolin Seeger2008-11-171-27/+7
| | | | | | pull_ucs2_base_talloc()." This reverts commit 01fd94981e322da59ac2c00055220c89de135ebe.
* Revert "Cope with bad trans2mkdir requests from System i QNTC IBM SMB client."Karolin Seeger2008-11-171-4/+3
| | | | This reverts commit feb057d4503118e519b5dbd9d2c3ca2c1ee55380.
* Revert "Unify access checks for lsa server functions."Karolin Seeger2008-11-172-18/+4
| | | | This reverts commit afed4929f9c707fb72b0e8dd12b1a1e8dcab9a84.
* Revert "s3-samr-server: be consistent when reporting we do password complexity."Karolin Seeger2008-11-171-4/+0
| | | | This reverts commit f8d4596ec2b8f35dd3cc05aa7ee356abb9c0920b.
* Revert "WHATSNEW: Update changes."Karolin Seeger2008-11-171-3/+0
| | | | This reverts commit 1d86b5e003effb4bb56ef9b0444da63a909fbc3c.
* Revert "Delete the krb5 ccname variable from the PAM environment if set."Karolin Seeger2008-11-171-7/+0
| | | | This reverts commit ddba89d7713923bfbf1c8492c5dc6c6d5b220f1e.
* Revert "Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles."Karolin Seeger2008-11-173-70/+16
| | | | This reverts commit 042e50f8709cfbe45d5b184cb3c4fe1b16bdc3b0.
* Revert "Fix bug 5840: Segfault in "rpcclient lsaaddacctrights""Karolin Seeger2008-11-171-1/+1
| | | | This reverts commit 369fecaeb2470a1f7e68417ccdddb61334e37d92.
* Revert "Fix net rpc vampire, based on an *amazing* piece of debugging work ↵Karolin Seeger2008-11-172-46/+41
| | | | | | by "Cooper S. Blake" <the_analogkid@yahoo.com>." This reverts commit 61046225de8a4cd77e94d8c5c4a8f510bc11b79e.
* Revert "s3-samr-server: _samr_DeleteUser needs to wipe out the user_handle ↵Karolin Seeger2008-11-171-2/+0
| | | | | | on success." This reverts commit ae01a98d49be39c258e479d610fa2e58ea2b6c62.
* Revert "Remove the requirement for ldap call made as root. Add in security"Karolin Seeger2008-11-172-63/+11
| | | | This reverts commit b339f17132b18edad52b4c2f6b348e4b8d789bcb.
* Revert "s3-samr-server: fix access check in _samr_QuerySecurity()."Karolin Seeger2008-11-171-1/+1
| | | | This reverts commit 96b35c32ae99d74608ad95d063629554fee77979.
* Revert "WHATSNEW: Update changes since 3.2.4."Karolin Seeger2008-11-171-13/+0
| | | | This reverts commit fd93db7084fdb5899fb823046b9d6ed1d05221c7.
* WHATSNEW: Update changes since 3.2.4.Karolin Seeger2008-10-231-0/+13
| | | | | Karolin (cherry picked from commit 71de4d58bb2aea6a98e94055387ef6671aa64410)
* s3-samr-server: fix access check in _samr_QuerySecurity().Günther Deschner2008-10-231-1/+1
| | | | | Guenther (cherry picked from commit 25cb282f7042e8192c0bc6d720df0646b74e9a47)
* Remove the requirement for ldap call made as root. Add in securityJeremy Allison2008-10-232-11/+63
| | | | | | checks for all SAMR calls. Jeremy. (cherry picked from commit b848f96d747fb41c074dd073f24f186539257d71)
* s3-samr-server: _samr_DeleteUser needs to wipe out the user_handle on success.Günther Deschner2008-10-231-0/+2
| | | | | | Guenther (cherry picked from commit 8a0054c6d273049bea235803db25912f6cf03610) (cherry picked from commit 40a904ee021e4c9390235f1d476bc37b87ac9b70)
* Fix net rpc vampire, based on an *amazing* piece of debugging work by ↵Jeremy Allison2008-10-232-41/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "Cooper S. Blake" <the_analogkid@yahoo.com>. "I believe I have found two bugs in the 3.2 code and one bug that carried on to the 3.3 branch. In the 3.2 code, everything is located in the utils/net_rpc_samsync.c file. What I believe is the first problem is that fetch_database() is calling samsync_fix_delta_array() with rid_crypt set to true, which means the password hashes are unencrypted from the RID encryption. However, I believe this call is redundant, and the corresponding call for samdump has rid_crypt set to false. So I think the rid_crypt param should be false in fetch_database(). If you follow the code, it makes its way to sam_account_from_delta() where the password hashes are decrypted a second time by calling sam_pwd_hash(). I believe this is what is scrambling my passwords. These methods were refactored somewhere in the 3.3 branch. Now the net_rpc_samsync.c class calls rpc_vampire_internals, which calls libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with rid_crypt always set to false. I think that's correct. But the second bug has carried through in the sam_account_from_delta() function: 208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { 209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); 210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 211 } 212 213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { 214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); 215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); If you look closely you'll see that the nt hash is going into the lm_passwd variable and the decrypted value is being set in the lanman hash, and the lanman hash is being decrypted and put into the nt hash field. So the LanMan and NT hashes look like they're being put in the opposite fields." Fix this by removing the rid_crypt parameter. Jeremy. (cherry picked from commit e38436f731ff09333588cc0751c79029a569f390)
* Fix bug 5840: Segfault in "rpcclient lsaaddacctrights"Volker Lendecke2008-10-231-1/+1
| | | | (cherry picked from commit 79222e476edbccf81e70cf1c0d1f40db0b88e20b)
* Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.Jeremy Allison2008-10-233-16/+70
| | | | | Jeremy. (cherry picked from commit 82ec832f7edffe2fcfd1bb067e092c159bed2973)
* Delete the krb5 ccname variable from the PAM environment if set.Andreas Schneider2008-10-231-0/+7
| | | | | | If winbind sets the KRB5CCNAME variable it should unset it when the cache gets destroyed. (cherry picked from commit e7b0d1c984a37600a234c1f4c95b06e9b5898f30)
* WHATSNEW: Update changes.Karolin Seeger2008-10-211-0/+3
| | | | | Karolin (cherry picked from commit c5609611ef2af5dee47a380003c6ce94f3781f0b)
* s3-samr-server: be consistent when reporting we do password complexity.Günther Deschner2008-10-211-0/+4
| | | | | Guenther (cherry picked from commit 7c2831c5872ad26e1e0cd7df59d6c0b88d566760)
* Unify access checks for lsa server functions.Jeremy Allison2008-10-212-4/+18
| | | | | Jeremy. (cherry picked from commit ef15ff6abec34377ab7fa75201e2799c0bb72aeb)
* Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.Jeremy Allison2008-10-211-3/+4
| | | | | | | | | If total_data == 4 Windows doesn't care what values are placed in that field, it just ignores them. The System i QNTC IBM SMB client puts bad values here, so ignore them. Jeremy. (cherry picked from commit 5b1d8588d01d11251541829c5a3dff211fe925fd)
* Unify the logic in pull_ascii_base_talloc() and pull_ucs2_base_talloc().Jeremy Allison2008-10-211-7/+27
| | | | | Jeremy. (cherry picked from commit 5109bd33719a4bb1534cb0e012c92ec778fb26df)
* Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client acesses ↵Jeremy Allison2008-10-211-1/+15
| | | | | | | | | | | old server. Karolin this is a show-stopper for 3.2.5. There was some code in pull_ucs2_base_talloc() to cope with this case which hadn't been added to pull_ascii_base_talloc(). The older Samba returns non unicode names which is why you are seeing this codepath being executed. Jeremy. (cherry picked from commit 09fa53d927436310ae3c17096d42e2fa4de1dd2e)
* Don't use debug level 1 to log a trivial message.Jeremy Allison2008-10-211-1/+1
| | | | | Jeremy. (cherry picked from commit 7c53cde257515e7bfffc8f3c0b54b7c99554d240)
* WHATSNEW: Update changes since 3.2.4.Karolin Seeger2008-10-151-1/+2
| | | | | Karolin (cherry picked from commit 84d9c849dd71d5b07de3239740d3874998ecbd8c)
* WHATSNEW: Update changes since 3.2.4.Karolin Seeger2008-10-151-2/+68
| | | | | Karolin (cherry picked from commit 4cc0d89d2cc562e88e67ceeb035c440f38eeaae3)
* Attempt to fix bug #5818 - "smbcacls: sorts ACEs improperly and loses ↵Jeremy Allison2008-10-151-26/+157
| | | | | | | | | | | inheritance", based on a patch from Paul Fertser <fercerpav@gmail.com>. I also added the ability to get/set hex and symbolic inheritance flag names on ACE flags. I'm still investigating the effects of setting the "SEC_DESC_DACL_AUTO_INHERIT_REQ" flag as I don't yet see what effects this is having on the ACE sent. Jeremy. (cherry picked from commit e59a21e945e6336f3d7622bf77cf5c2304936b70)
* Note url explaining this code.Jeremy Allison2008-10-151-0/+4
| | | | | Jeremy. (cherry picked from commit 4f1cdfe0901f4c78dff56ae5c26d2801b97d50d5)
* Fix the "Premature end of data in tag" error when buiding the manpage, fix a ↵Holger Hetterich2008-10-151-3/+15
| | | | | | typo in the text, add an example for anonymization usage. (cherry picked from commit 1d202a8a7bccc65e47fc78b17d89b7e74a358487)
* Update the manpage for vfs_smb_traffic_analyzer to include the ↵Holger Hetterich2008-10-151-1/+8
| | | | | | anonymize_prefix option (cherry picked from commit c67cf648331bf4b8268813cb005b7283dd65eb73)
* Enable optional anonymization of user names,Holger Hetterich2008-10-151-1/+20
| | | | | | if the configuration parameter anonymization_prefix is defined in smb.conf, and use the prefix given there. (cherry picked from commit 86a621a1a3e08bad8a0b276d8444f1f69a500385)
* Fix bug 5691: SIGBUS on SolarisVolker Lendecke2008-10-151-1/+4
| | | | (cherry picked from commit 0f3f34033a80e44fa18cae452a164e445392138a)
* Fix the buildVolker Lendecke2008-10-151-1/+1
| | | | (cherry picked from commit 1ab2a5b958a900a078cadf98b83fba7fadbaedf9)
* Now it's working, back port the aync fix for parsing large cups printer lists.Jeremy Allison2008-10-156-32/+322
| | | | | Jeremy. (cherry picked from commit 48ee5a66d18b805d03f93c85e98a41374d82cfb9)
* Make use of ZERO_STRUCT (the first memset was actually wrong)Volker Lendecke2008-10-151-3/+3
| | | | (cherry picked from commit e42477caece1a2e861aa0698d2e06847819f0b0d)
* mount.cifs: make return codes match the return codes for /bin/mount (try #3)Jeff Layton2008-10-151-36/+46
| | | | | | | | | | | | | | The manpage for /bin/mount specifies that the return code should be a positive integer (actually, it's a bitfield). Clean up the return codes from mount.cifs to make them match the expected return values from /bin/mount. This necessary for proper integration with autofs. This is the third attempt at this patch. The changes here are minor, just changing some return's from main() into exit() calls for consistency's sake. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 2374799c8114ae3ed422d1cbe4ca12c4fd075274)
* mount.cifs: have uppercase_string return success on NULL pointerJeff Layton2008-10-151-2/+2
| | | | | | | | | We currently don't attempt to uppercase the device portion of the mount string if there isn't a prefixpath. Fix that by making uppercase_string return success without doing anything on a NULL pointer. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 34b5cfe8a0cb8674da0c5ac7d81b6e64160ccaa2)
* Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵Jeremy Allison2008-10-151-0/+23
| | | | | | | | | | | | | | | | | "rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy. (cherry picked from commit ce8de496ec139b7a56db20c5ffbcbdc2f4db0a51)
* Fixed build warning "passing arg from incompatible pointer type"Tim Prouty2008-10-151-1/+3
| | | | | | | | | | The fix explicitly makes the conversion from timeval to time_t using the existing time utility functions. Compiling modules/vfs_smb_traffic_analyzer.c modules/vfs_smb_traffic_analyzer.c: In function `smb_traffic_analyzer_send_data': modules/vfs_smb_traffic_analyzer.c:173: warning: passing arg 1 of `localtime' from incompatible pointer type (cherry picked from commit 22852666ddf3e77404373042ceecb19747ae25cd)
generated by cgit (git 2.34.1) at 2024-05-25 11:22:59 +0000