summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * r21887: Fix annoying bug where in a pam_close_session (or a pam_setcred with theGünther Deschner2007-03-201-1/+29
| | | | | | | | | | | | | | | | | | PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches. Make sure that only root can do this. Jerry, Jeremy, please check. Guenther
| * r21885: Chown logic should be activated only if nfs4:chown=yesAlexander Bokovoy2007-03-201-24/+26
| |
| * r21884: * Blacklist BUILTIN and MACHINE domains from theGerald Carter2007-03-202-18/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | idmap domains as these should only be handled by the winbindd_passdb.c backend * Allow the alloc init to fail for backwards compatible configurations like idmap backend = ad idmap uid = 1000-100000 .... * Remove the deprecated flags from idmap backend, et. al. These are mutually exclusive with the new configuration options (idmap domains). Logging annoying messages about deprecated parameters is confusing. So we'll try this apprpach for now.
| * r21883: Try and fix the build by removing the prototypes forJeremy Allison2007-03-202-2/+10
| | | | | | | | | | functions that take a gss context handle in includes.h Jeremy.
| * r21882: The server part of the code has to use an AUTH_NTLMSSP struct,Jeremy Allison2007-03-207-80/+327
| | | | | | | | | | | | | | | | not just an NTLMSSP - grr. This complicates the re-use of common client and server code but I think I've got it right. Not turned on of valgrinded yet, but you can see it start to take shape ! Jeremy.
| * r21881: Make sure we are very specific when testing whether a backand can ↵James Peach2007-03-202-2/+9
| | | | | | | | | | | | | | | | | | handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
| * r21880: Make client and server calls into encryption code symetrical,Jeremy Allison2007-03-194-93/+224
| | | | | | | | | | depending on encryption context pointer. Jeremy.
| * r21879: Move process_blocking_lock_queue to a timed event.Volker Lendecke2007-03-192-52/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The idea is that we have blocking.c:brl_timeout as a timed event that is present whenever we do have a blocking lock pending. It fires brl_timeout_fn() which calls process_blocking_lock_queue(). Whenever we make changes to blocking_lock_queue, we trigger a recalc_brl_timeout() which sets a new brl_timout event if necessary. This makes the call to blocking_locks_timeout_ms() in setup_select_timeout() unnecessary, this is implicitly done in event_add_to_select_args() from the timed events. Volker
| * r21878: Fix a bug with smbd serving a windows terminal server: If winbind ↵Volker Lendecke2007-03-195-12/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker
| * r21877: Missed one line.Jeremy Allison2007-03-191-0/+1
| | | | | | | | Jeremy.
| * r21876: Start adding in the seal implementation - prototype codeJeremy Allison2007-03-193-7/+198
| | | | | | | | | | | | | | | | for the server side enc. (doesn't break anything). I'll keep updating this until I've got NTLM seal working on both client and server, then add in the gss level seal. Jeremy.
| * r21875: BUG 3275: Patch from Andy Polyakov <appro@fy.chalmers.se>Gerald Carter2007-03-192-19/+14
| | | | | | | | | | | | Relax check for i386 header checks in the PE header of printer driver files. Thus allowing uploading of x64 print drivers from 64bit Windows clients.
| * r21874: Fix missing notify function. Thanks to Thomas Bork <tombork@web.de>Jeremy Allison2007-03-191-0/+26
| | | | | | | | | | for pointing this out ! Jeremy.
| * r21873: This is winbindd_pam.c, not pam_winbind.c :-)Volker Lendecke2007-03-191-1/+1
| |
| * r21872: Fix a debug messageVolker Lendecke2007-03-191-1/+1
| |
| * r21871: Move deadtime processing into an idle event. While there, simplifyVolker Lendecke2007-03-183-43/+45
| | | | | | | | | | | | conn_idle_all() a bit. Volker
| * r21870: Move sending auth_server keepalives out of the main loop into an ↵Volker Lendecke2007-03-184-53/+61
| | | | | | | | | | | | idle event. Volker
| * r21869: Move sending keepalives out of the main processing loop into idle event.Volker Lendecke2007-03-183-14/+46
| | | | | | | | | | | | On the way, make lp_keepalive() a proper parameter. Volker
| * r21868: Remove check_log_size from the central smbd processing loop. This ↵Volker Lendecke2007-03-182-15/+5
| | | | | | | | | | | | can be done with a become_root/unbecome_root in debug.c.
| * r21867: Simplify calling convention of timeout_processing. lp_deadtime is onlyVolker Lendecke2007-03-182-11/+16
| | | | | | | | referenced in conn_idle_all().
| * r21866: Remove unused "lock spin count" parameterVolker Lendecke2007-03-181-4/+0
| |
| * r21865: Add in the stubs for SMB transport encryption. Will fleshJeremy Allison2007-03-177-8/+123
| | | | | | | | | | | | | | these out as I implement. Don't add to SAMBA_3_0_25, this is experimental code. NFSv4 you're now officially on notice... :-). Jeremy.
| * r21864: Reformatting.Jeremy Allison2007-03-171-92/+92
| | | | | | | | Jeremy.
| * r21863: Fix debug messages with incorrect function name.Jeremy Allison2007-03-161-15/+15
| | | | | | | | Jeremy.
| * r21862: add the cups comment and location lookup to ↵Gerald Carter2007-03-161-3/+10
| | | | | | | | get_a_printer_2_default() as well
| * r21861: Pull the comment and location from CUPS if we don't have oneGerald Carter2007-03-162-0/+148
| | | | | | | | | | | | | | when fetching a printer from ntprinters.tdb. Slightly modified from original version submitted on samba-technical ml by Andy Polyakov <appro@fy.chalmers.se>
| * r21860: Fixes for "winbind normalize names" functionality:Gerald Carter2007-03-165-5/+15
| | | | | | | | | | | | | | * Fix getgroups() call called using a normalized name * Fix some more name mappings that could cause for example a user to be unable to unlock the screen as the username would not match in the PAM authenticate call.
| * r21858: Fix typo.Günther Deschner2007-03-161-1/+1
| | | | | | | | Guenther
| * r21857: Stop pretending to be Vista in the %a macro towards Samba clients.Günther Deschner2007-03-161-1/+3
| | | | | | | | Guenther
| * r21855: Fix a memleak in the krb5 locator and comment out gfree_all() which ↵Günther Deschner2007-03-161-2/+4
| | | | | | | | | | | | | | | | doesn't make sense as long as it doesn't work as an lp_unload(). Guenther
| * r21854: Add gfree_interfaces() to gfree_all().Günther Deschner2007-03-162-0/+13
| | | | | | | | Guenther
| * r21853: Fix a valgrind errorVolker Lendecke2007-03-161-0/+5
| |
| * r21851: Obvious typos...Volker Lendecke2007-03-151-2/+2
| |
| * r21850: After Jerry explained to me the HORRIBLE way in whichJeremy Allison2007-03-151-5/+15
| | | | | | | | | | | | | | | | the MIT gss libraries *SUCK*, move the frees to the end of the function so MIT doesn't segfault..... Add a comment so that another engineer knows why I did this. Jeremy.
| * r21848: add a comment about gss_import_name() and when to free the krb5 ↵Gerald Carter2007-03-151-1/+9
| | | | | | | | principal data
| * r21847: Fix memory leaks in error paths (and in main code path in one case...)Jeremy Allison2007-03-152-5/+14
| | | | | | | | | | in sasl bind. Wonder why coverity didn't find these ? Jeremy.
| * r21846: Try and fix the Darwin build which seems to have a strange krb5.Jeremy Allison2007-03-151-0/+6
| | | | | | | | Jeremy.
| * r21845: Refactor the sessionsetupX code a little to allow usJeremy Allison2007-03-156-73/+319
| | | | | | | | | | | | | | | | | | | | | | to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to a client when there's clock skew. Will help people debug this. Prepare us for being able to return the correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED" error with associated krb5 clock skew error to allow clients to re-sync time with us when we're eventually able to be a KDC. Jeremy.
| * r21840: mount.cifs compile on old libc missing bind mount #defineSteve French2007-03-141-0/+4
| | | | | | | | Thanks to Thomas Jarosch for pointing this out.
| * r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke2007-03-137-36/+6
| | | | | | | | Volker
| * r21825: add debug prefix timestamp to allow "short timestamps" to beHerb Lewis2007-03-132-2/+12
| | | | | | | | added to debug messages
| * r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke2007-03-137-6/+36
| | | | | | | | | | | | | | | | | | Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker
| * r21822: Adding experimental krb5 lib locator plugin.Günther Deschner2007-03-133-0/+399
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a starting point and may get changed. Basically we need follow the exact same path to detect (K)DCs like other Samba tools/winbind do. In particular with regard to the server affinity cache and the site-awarness for DNS SRV lookups. To compile just call "make bin/smb_krb5_locator.so", copy to /usr/lib/plugin/krb5/ (Heimdal HEAD) or /usr/lib/krb5/plugins/libkrb5/ (MIT) and you should immediately be able to kinit to your AD domain without having your REALM with kdc or kpasswd directives defined in /etc/krb5.conf at all. Tested with todays Heimdal HEAD and MIT krb5 1.5. Guenther
| * r21819: Wrap all steps in secrets_store_machine_password into one singleVolker Lendecke2007-03-131-12/+50
| | | | | | | | | | | | transaction. Succeed all or store nothing. Volker
| * r21818: Remove some unused codeVolker Lendecke2007-03-131-23/+0
| |
| * r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failureAndrew Tridgell2007-03-131-1/+2
| |
| * r21813: fixed an integer overflow error in the ndr push code. Andrew Tridgell2007-03-132-3/+10
| | | | | | | | Jerry, you might like to consider this for 3.0.25
| * r21804: Create a reference after proto_exits was called once. Else we link theLars Müller2007-03-121-1/+2
| | | | | | | | binaries again with each make. Thx Volker to point my chesty at this.
| * r21803: Missed part of patch to make self-referrals work.Jeremy Allison2007-03-121-0/+1
| | | | | | | | Jeremy.
| * r21801: Fix Coverity ID # 342Volker Lendecke2007-03-121-0/+1
| |
generated by cgit (git 2.34.1) at 2025-09-28 19:34:40 +0000