Günther Deschner [Wed, 25 Aug 2004 07:52:23 +0000 (07:52 +0000)]
r2057: Although rarely used, prevent "net lookup kdc" from segfaulting when
using our own implementation of krb5_lookup_kdc with heimdal. Also,
heimdal's krb5_krbhst_next() obviously does not retrieve the struct
addrinfo in the krb5_krbhst_info-struct, using
krb5_krbhst_get_addrinfo() instead.
Jeremy Allison [Tue, 24 Aug 2004 22:48:49 +0000 (22:48 +0000)]
r2026: Simplify statcache to use an in-memory tdb. Modify tdb to use
a custom hash function for this tdb (yes it does make a difference
on benchmarks). Remove the no longer used hash.c code.
Jeremy.
Günther Deschner [Tue, 24 Aug 2004 13:02:56 +0000 (13:02 +0000)]
r2015: Reverting fix for #1474.
Jelmer, we need to find another way to solve this bug. This way,
rpcclient is linked to libxml2, libmysqlclient and libpg (with according
dependencies in samba-client.rpm's) if one just wants to build the more
experimental pdb-modules as well.
Jeremy Allison [Thu, 19 Aug 2004 20:03:41 +0000 (20:03 +0000)]
r1936: Fix bug noticed by Steve - ensure extended security bit is on only
if we negotiated extended security. Do not merge for 3.0.6. Works
with W2K but needs further testing.
Jeremy.
Volker Lendecke [Thu, 19 Aug 2004 08:11:11 +0000 (08:11 +0000)]
r1906: Revert lukeh's change for primary uid/gid change. This creates a recursion
loop between uid_to_sid -> getsampwnam -> uid_to_sid. It needs further
inspection.
Günther Deschner [Wed, 18 Aug 2004 16:25:41 +0000 (16:25 +0000)]
r1888: Bring the same level of "required_membership"-functionality that
ntlm_auth uses, to pam_winbindd as well.
This allows to make successful authentication via PAM dependent on
SID-membership. At the moment, both ntlm_auth and pam_winbindd.so accept
user/group-names or sid-strings - as discussed, recursive membership
(e.g. local aliases) will be added later.
Gerald Carter [Wed, 18 Aug 2004 13:55:58 +0000 (13:55 +0000)]
r1885: tighten the cache consistency with the ntprinters.tdb entry and the in-memory cache associated with open printer handles; also make sure that register_messages_flags() doesn't overwrite the originally registered flags
Jeremy Allison [Tue, 17 Aug 2004 18:59:13 +0000 (18:59 +0000)]
r1866: Fix for bug #1602 reported by <m.proehl@science-computing.de>.
Access to a share with
wide links = No
follow symlinks = No
Was failing with access denied.
Jeremy.
Jeremy Allison [Mon, 16 Aug 2004 21:27:26 +0000 (21:27 +0000)]
r1841: Fix for #1606, can't launch dos exe's.
2 related problems - 1). DOS uses chained commands - when we
are replying with sendfile we neglect to send the chained header. 2). Win9x and
DOS TCP stacks blow up when getting data back from a Linux sendfile - "The
engines canna take the strain cap'n". Don't use sendfile for anything less than NT1.
Jeremy.
Jim McDonough [Thu, 12 Aug 2004 03:28:57 +0000 (03:28 +0000)]
r1750: This patch allows net ads lookup to rely on command line arguments if contacting an ADS server fails. This allows net ads lookup to work with clapd (very useful for testing).
Günther Deschner [Tue, 10 Aug 2004 14:27:17 +0000 (14:27 +0000)]
r1692: first commit :)
* add IA64 to the architecture table of printer-drivers
* add new "net"-subcommands:
net rpc printer migrate {drivers|printers|forms|security|settings|all} [printer]
net rpc share migrate {shares|files|all} [share]
this is the first part of the migration suite. this will (once
feature-complete) allow to do 1:1 server-cloning in the best possible way by
making heavy use of samba's rpc_client-functions. all migration-steps
are implemented as rpc/smb-client-calls; net communicates via rpc/smb
with two servers at the same time (a remote, source server and a
destination server that currently defaults to the local smbd). this
allows e. g. printer-driver migration including driverfiles, recursive
mirroring of file-shares including file-acls, etc. almost any migration
step can be called with a migrate-subcommand to provide more flexibility
during a migration process (at the cost of quite some redundancy :) ).
"net rpc printer migrate settings" is still in a bad condition (many
open questions that hopefully can be addressed soon).
"net rpc share migrate security" as an isolated call to just migrate
share-ACLs will be added later.
Before playing with it, make sure to use a test-server. Migration is a
serious business and this tool-set can perfectly overwrite your
existing file/print-shares.
* along with the migration functions I had to make the following
changes:
- implement setprinter level 3 client-side
- implement net_add_share level 502 client-side
- allow security descriptor to be set in setprinterdata level 2
serverside
Jeremy Allison [Tue, 10 Aug 2004 02:05:38 +0000 (02:05 +0000)]
r1684: Patch for bug #1578 based on fix from Alexander E. Patrakov,
<patrakov@ums.usu.ru>. Main change, hardcode replacement char
to '_' as I really don't want a new parameter.
Jeremy.
Jeremy Allison [Thu, 5 Aug 2004 19:57:41 +0000 (19:57 +0000)]
r1661: Changed the password history format so that each history entry
consists of a 16 byte salt, followed by the 16 byte MD5 hash of
the concatenation of the salt plus the NThash of the historical
password. Allows these to be exposed in LDAP without security issues.
Jeremy.
Vance Lankhaar [Thu, 5 Aug 2004 01:27:28 +0000 (01:27 +0000)]
r1656: Patch from James Peach:
> This patch is (probably) needed for all systems that don't have a
> C99/UNIX98 compliant vsnprintf by default. The builtin sm_*printf
> were no being called, causing things like talloc_init to fail, with
> predictable results.
This should fix 6 (solaris/hpux/irix) builds on the build farm.
Tim Potter [Wed, 28 Jul 2004 16:13:43 +0000 (16:13 +0000)]
r1599: Use -Bsymbolic when creating shared libraries to avoid conflicts with
identical symbols in the global namespace when loading libnss_wins.so.
Bugzilla #1360.
r1588: This is one of the more pathetic patches I ever checked in. Many hours of
coding have passed, but I could not find a way to get the OpenLDAP libraries
to reliably time out on any of the queries we make, *and* get correct error
returns. No, async calls and ldap_result does NOT work, or I was simply too
stupid to correctly interpret the OpenLDAP manpage and source.
We can not allow to hang indefinitely in an ldap query, especially not for
winbindd. "ldap timeout" now specifies the overall timeout for the complete
operation, that's why I increased that to 15 seconds.
Andrew Bartlett [Sat, 24 Jul 2004 23:57:07 +0000 (23:57 +0000)]
r1581: 'NULL' NTLMSSP is both a pain to get right, and completely and utterly
pointless. With a well-known session key, we may as well put the
password change directly on the wire, with its own 'crypted with old
password' as the protection.
This should fix some 'long password change' issues, against Samba in
particular.
r1562: Make winbind for -S (sid->uid) and -Y (sid->gid) check whether the sid
requested actually is of type asked for. I've come across more than one
installation where a group sid had ended up as a uid in idmap and vice
versa. This just closes one possible for this misconfiguration, people
are actually using wbinfo.
Richard Sharpe [Wed, 21 Jul 2004 04:24:30 +0000 (04:24 +0000)]
r1557: Add sigchld handling to winbindd. Next step is to have the child restarted if
need be. We should also make sure the main line knows we no longer have a child.
Jeremy Allison [Sat, 17 Jul 2004 01:37:04 +0000 (01:37 +0000)]
r1539: If an account was locked out by an admin (and has a bad password count of zero)
leave it locked out until an admin unlocks it (but log a message).
Jeremy.
Jeremy Allison [Sat, 17 Jul 2004 01:06:52 +0000 (01:06 +0000)]
r1537: Fix to stop printing accounts from resetting the bad password
and account lockout flags. This is set when an account is updated
only from smbd or pdbedit. Bug found by "Dunn, Drew A." <Drew.Dunn@jhuapl.edu>.
Jeremy.