summaryrefslogtreecommitdiffstats
path: root/source
Commit message (Collapse)AuthorAgeFilesLines
...
* Revert "Unify the logic in pull_ascii_base_talloc() and ↵Karolin Seeger2008-11-171-27/+7
| | | | | | pull_ucs2_base_talloc()." This reverts commit 01fd94981e322da59ac2c00055220c89de135ebe.
* Revert "Cope with bad trans2mkdir requests from System i QNTC IBM SMB client."Karolin Seeger2008-11-171-4/+3
| | | | This reverts commit feb057d4503118e519b5dbd9d2c3ca2c1ee55380.
* Revert "Unify access checks for lsa server functions."Karolin Seeger2008-11-172-18/+4
| | | | This reverts commit afed4929f9c707fb72b0e8dd12b1a1e8dcab9a84.
* Revert "s3-samr-server: be consistent when reporting we do password complexity."Karolin Seeger2008-11-171-4/+0
| | | | This reverts commit f8d4596ec2b8f35dd3cc05aa7ee356abb9c0920b.
* Revert "Delete the krb5 ccname variable from the PAM environment if set."Karolin Seeger2008-11-171-7/+0
| | | | This reverts commit ddba89d7713923bfbf1c8492c5dc6c6d5b220f1e.
* Revert "Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles."Karolin Seeger2008-11-173-70/+16
| | | | This reverts commit 042e50f8709cfbe45d5b184cb3c4fe1b16bdc3b0.
* Revert "Fix bug 5840: Segfault in "rpcclient lsaaddacctrights""Karolin Seeger2008-11-171-1/+1
| | | | This reverts commit 369fecaeb2470a1f7e68417ccdddb61334e37d92.
* Revert "Fix net rpc vampire, based on an *amazing* piece of debugging work ↵Karolin Seeger2008-11-172-46/+41
| | | | | | by "Cooper S. Blake" <the_analogkid@yahoo.com>." This reverts commit 61046225de8a4cd77e94d8c5c4a8f510bc11b79e.
* Revert "s3-samr-server: _samr_DeleteUser needs to wipe out the user_handle ↵Karolin Seeger2008-11-171-2/+0
| | | | | | on success." This reverts commit ae01a98d49be39c258e479d610fa2e58ea2b6c62.
* Revert "Remove the requirement for ldap call made as root. Add in security"Karolin Seeger2008-11-172-63/+11
| | | | This reverts commit b339f17132b18edad52b4c2f6b348e4b8d789bcb.
* Revert "s3-samr-server: fix access check in _samr_QuerySecurity()."Karolin Seeger2008-11-171-1/+1
| | | | This reverts commit 96b35c32ae99d74608ad95d063629554fee77979.
* s3-samr-server: fix access check in _samr_QuerySecurity().Günther Deschner2008-10-231-1/+1
| | | | | Guenther (cherry picked from commit 25cb282f7042e8192c0bc6d720df0646b74e9a47)
* Remove the requirement for ldap call made as root. Add in securityJeremy Allison2008-10-232-11/+63
| | | | | | checks for all SAMR calls. Jeremy. (cherry picked from commit b848f96d747fb41c074dd073f24f186539257d71)
* s3-samr-server: _samr_DeleteUser needs to wipe out the user_handle on success.Günther Deschner2008-10-231-0/+2
| | | | | | Guenther (cherry picked from commit 8a0054c6d273049bea235803db25912f6cf03610) (cherry picked from commit 40a904ee021e4c9390235f1d476bc37b87ac9b70)
* Fix net rpc vampire, based on an *amazing* piece of debugging work by ↵Jeremy Allison2008-10-232-41/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "Cooper S. Blake" <the_analogkid@yahoo.com>. "I believe I have found two bugs in the 3.2 code and one bug that carried on to the 3.3 branch. In the 3.2 code, everything is located in the utils/net_rpc_samsync.c file. What I believe is the first problem is that fetch_database() is calling samsync_fix_delta_array() with rid_crypt set to true, which means the password hashes are unencrypted from the RID encryption. However, I believe this call is redundant, and the corresponding call for samdump has rid_crypt set to false. So I think the rid_crypt param should be false in fetch_database(). If you follow the code, it makes its way to sam_account_from_delta() where the password hashes are decrypted a second time by calling sam_pwd_hash(). I believe this is what is scrambling my passwords. These methods were refactored somewhere in the 3.3 branch. Now the net_rpc_samsync.c class calls rpc_vampire_internals, which calls libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with rid_crypt always set to false. I think that's correct. But the second bug has carried through in the sam_account_from_delta() function: 208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { 209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); 210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 211 } 212 213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { 214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); 215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); If you look closely you'll see that the nt hash is going into the lm_passwd variable and the decrypted value is being set in the lanman hash, and the lanman hash is being decrypted and put into the nt hash field. So the LanMan and NT hashes look like they're being put in the opposite fields." Fix this by removing the rid_crypt parameter. Jeremy. (cherry picked from commit e38436f731ff09333588cc0751c79029a569f390)
* Fix bug 5840: Segfault in "rpcclient lsaaddacctrights"Volker Lendecke2008-10-231-1/+1
| | | | (cherry picked from commit 79222e476edbccf81e70cf1c0d1f40db0b88e20b)
* Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.Jeremy Allison2008-10-233-16/+70
| | | | | Jeremy. (cherry picked from commit 82ec832f7edffe2fcfd1bb067e092c159bed2973)
* Delete the krb5 ccname variable from the PAM environment if set.Andreas Schneider2008-10-231-0/+7
| | | | | | If winbind sets the KRB5CCNAME variable it should unset it when the cache gets destroyed. (cherry picked from commit e7b0d1c984a37600a234c1f4c95b06e9b5898f30)
* s3-samr-server: be consistent when reporting we do password complexity.Günther Deschner2008-10-211-0/+4
| | | | | Guenther (cherry picked from commit 7c2831c5872ad26e1e0cd7df59d6c0b88d566760)
* Unify access checks for lsa server functions.Jeremy Allison2008-10-212-4/+18
| | | | | Jeremy. (cherry picked from commit ef15ff6abec34377ab7fa75201e2799c0bb72aeb)
* Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.Jeremy Allison2008-10-211-3/+4
| | | | | | | | | If total_data == 4 Windows doesn't care what values are placed in that field, it just ignores them. The System i QNTC IBM SMB client puts bad values here, so ignore them. Jeremy. (cherry picked from commit 5b1d8588d01d11251541829c5a3dff211fe925fd)
* Unify the logic in pull_ascii_base_talloc() and pull_ucs2_base_talloc().Jeremy Allison2008-10-211-7/+27
| | | | | Jeremy. (cherry picked from commit 5109bd33719a4bb1534cb0e012c92ec778fb26df)
* Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client acesses ↵Jeremy Allison2008-10-211-1/+15
| | | | | | | | | | | old server. Karolin this is a show-stopper for 3.2.5. There was some code in pull_ucs2_base_talloc() to cope with this case which hadn't been added to pull_ascii_base_talloc(). The older Samba returns non unicode names which is why you are seeing this codepath being executed. Jeremy. (cherry picked from commit 09fa53d927436310ae3c17096d42e2fa4de1dd2e)
* Don't use debug level 1 to log a trivial message.Jeremy Allison2008-10-211-1/+1
| | | | | Jeremy. (cherry picked from commit 7c53cde257515e7bfffc8f3c0b54b7c99554d240)
* Attempt to fix bug #5818 - "smbcacls: sorts ACEs improperly and loses ↵Jeremy Allison2008-10-151-26/+157
| | | | | | | | | | | inheritance", based on a patch from Paul Fertser <fercerpav@gmail.com>. I also added the ability to get/set hex and symbolic inheritance flag names on ACE flags. I'm still investigating the effects of setting the "SEC_DESC_DACL_AUTO_INHERIT_REQ" flag as I don't yet see what effects this is having on the ACE sent. Jeremy. (cherry picked from commit e59a21e945e6336f3d7622bf77cf5c2304936b70)
* Note url explaining this code.Jeremy Allison2008-10-151-0/+4
| | | | | Jeremy. (cherry picked from commit 4f1cdfe0901f4c78dff56ae5c26d2801b97d50d5)
* Enable optional anonymization of user names,Holger Hetterich2008-10-151-1/+20
| | | | | | if the configuration parameter anonymization_prefix is defined in smb.conf, and use the prefix given there. (cherry picked from commit 86a621a1a3e08bad8a0b276d8444f1f69a500385)
* Fix bug 5691: SIGBUS on SolarisVolker Lendecke2008-10-151-1/+4
| | | | (cherry picked from commit 0f3f34033a80e44fa18cae452a164e445392138a)
* Fix the buildVolker Lendecke2008-10-151-1/+1
| | | | (cherry picked from commit 1ab2a5b958a900a078cadf98b83fba7fadbaedf9)
* Now it's working, back port the aync fix for parsing large cups printer lists.Jeremy Allison2008-10-156-32/+322
| | | | | Jeremy. (cherry picked from commit 48ee5a66d18b805d03f93c85e98a41374d82cfb9)
* Make use of ZERO_STRUCT (the first memset was actually wrong)Volker Lendecke2008-10-151-3/+3
| | | | (cherry picked from commit e42477caece1a2e861aa0698d2e06847819f0b0d)
* mount.cifs: make return codes match the return codes for /bin/mount (try #3)Jeff Layton2008-10-151-36/+46
| | | | | | | | | | | | | | The manpage for /bin/mount specifies that the return code should be a positive integer (actually, it's a bitfield). Clean up the return codes from mount.cifs to make them match the expected return values from /bin/mount. This necessary for proper integration with autofs. This is the third attempt at this patch. The changes here are minor, just changing some return's from main() into exit() calls for consistency's sake. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 2374799c8114ae3ed422d1cbe4ca12c4fd075274)
* mount.cifs: have uppercase_string return success on NULL pointerJeff Layton2008-10-151-2/+2
| | | | | | | | | We currently don't attempt to uppercase the device portion of the mount string if there isn't a prefixpath. Fix that by making uppercase_string return success without doing anything on a NULL pointer. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 34b5cfe8a0cb8674da0c5ac7d81b6e64160ccaa2)
* Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵Jeremy Allison2008-10-151-0/+23
| | | | | | | | | | | | | | | | | "rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy. (cherry picked from commit ce8de496ec139b7a56db20c5ffbcbdc2f4db0a51)
* Fixed build warning "passing arg from incompatible pointer type"Tim Prouty2008-10-151-1/+3
| | | | | | | | | | The fix explicitly makes the conversion from timeval to time_t using the existing time utility functions. Compiling modules/vfs_smb_traffic_analyzer.c modules/vfs_smb_traffic_analyzer.c: In function `smb_traffic_analyzer_send_data': modules/vfs_smb_traffic_analyzer.c:173: warning: passing arg 1 of `localtime' from incompatible pointer type (cherry picked from commit 22852666ddf3e77404373042ceecb19747ae25cd)
* Fixed "declaration shadows global declaration" warnings.Tim Prouty2008-10-151-19/+19
| | | | | | | | | | | The patch simply uses a more descriptive variable name for tcp_seq. lib/socket_wrapper/socket_wrapper.c:753: warning: declaration of 'tcp_seq' shadows a global declaration /usr/include/netinet/tcp.h:40: warning: shadowed declaration is here lib/socket_wrapper/socket_wrapper.c: In function `swrap_marshall_packet': lib/socket_wrapper/socket_wrapper.c:919: warning: declaration of 'tcp_seq' shadows a global declaration /usr/include/netinet/tcp.h:40: warning: shadowed declaration is here (cherry picked from commit 03cbea1d653c716b16347c831aa56dca0eb297ab)
* If name_to_fqdn fails, retry with the dns domain the DC gave usVolker Lendecke2008-10-151-3/+8
| | | | | | | This is a workaround for the cases where you want to join under a netbios name that is different from your hostname, i.e. a name that can not be found in /etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results. (cherry picked from commit 84951b54bc1473aa9275c02cc37a9f0d7d4150e2)
* Log in the parent winbind log where a request is goingVolker Lendecke2008-10-151-0/+4
| | | | (cherry picked from commit f63bac521f0595ccbcf687678e325649f3e0e5e3)
* Attempt to fix bug 5778Volker Lendecke2008-10-061-0/+10
| | | | | | Jeff, Steve, please check! (cherry picked from commit 110756cc7bcaed5a9d6aa58f3b3fe4481f8d1f31) (cherry picked from commit 46b050e525b339fbac68329f668e47ebd11b3e08)
* Remove an unused variableVolker Lendecke2008-10-061-1/+0
| | | | (cherry picked from commit 41aed9f2f3c6d53e1b8b6d72467bc5d5a0689dce)
* Fix some missing error handlingsVolker Lendecke2008-10-061-0/+5
| | | | (cherry picked from commit 1709a099c82e9b06771b3aa562c5488a71f10c62)
* OS/X does not have rl_done in readline.hVolker Lendecke2008-10-061-0/+8
| | | | (cherry picked from commit af055bb8d89a14ed572f76b5f8fe492e0ed98e12)
* Fix an uninitialized variable warningVolker Lendecke2008-10-061-0/+2
| | | | | Not sure if we can ever not get domain and dns_domain, but gcc complained (cherry picked from commit e56b0b947a5c357c4e84b330c38d7a7f569be201)
* Fix an unlikely memleak found by the IBM checkerVolker Lendecke2008-10-061-0/+2
| | | | (cherry picked from commit 52365077e74e80959a42aa82cf9a6c959e2fcda5)
* Fix an uninitialized variable found by the IBM CheckerVolker Lendecke2008-10-061-0/+1
| | | | (cherry picked from commit 65169e4b5f182f1614e102bb0e09326a26bd5b5d)
* Fix a potential NULL deref in line 258 found by the IBM checkerVolker Lendecke2008-10-061-0/+1
| | | | (cherry picked from commit de581efedbc53a783a680ff366d37aeccd14ee23)
* Correctly fix smbclient to terminate on eof from server.Jeremy Allison2008-10-062-3/+23
| | | | | Jeremy. (cherry picked from commit 4dc2eb7f42bad6812d21bf4577e2901b04a5ca83)
* net_dns: Make "lwinet ads dns register" honor the "interfaces" parameter.Gerald (Jerry) Carter2008-10-061-13/+12
| | | | | | | This is helpful on multihomed hosts that only require a subset of IP addresses be registered with DNS. (cherry picked from commit 17c9f8810598d8117befc896d12a597a52b0ac3b) (cherry picked from commit 2fb742e127f725b56f308538852d7b10b86f29c1)
* libaddns: Use the same prerequisite for DDNS update as Windows XP.Gerald (Jerry) Carter2008-10-061-2/+2
| | | | | | | | | Hostname, TYPE: CNAME, CLASS: NONE This has to have been broken for ages. I cannot see how it would have worked in any environment. (cherry picked from commit 6b6402bce318a48b0890ed6fc23ed5b30440927b) (cherry picked from commit adde53eddb85e9af391c3f77425a3376c5c60dbf)
* Fix bug #5080. Access to cups-printers via samba broken with cups 1.3.4, ↵Jeremy Allison2008-10-061-79/+203
| | | | | | | | | | Unsupported character set. Cups 1.3.4 expects utf8 to be used in all messages to/from the server. We may be using a different character set so we need to use talloc utf8 push/pull functions in all communication. Contains the !server fix already applied to 3.3. Jeremy. (cherry picked from commit a1323951a3264f81be07276f021201bee0d8d0f5)
generated by cgit (git 2.34.1) at 2024-06-13 13:03:42 +0000