| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
"authsam_expand_nested_groups"
Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the
long-living "sam_ctx"/"ldb" context to prevent memory leaks.
|
| |
|
|
| |
It tests also some other constructed attributes in a basic way.
|
| | |
|
| |
|
|
|
|
|
| |
need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
|
| |
|
|
| |
No need to have signed counters here.
|
| |
|
|
|
|
|
|
|
|
| |
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
|
| |
|
|
| |
This is needed by the "tokenGroups" work in the operational LDB module.
|
| | |
|
| |
|
|
| |
Should also be unsigned - no need for a signed "i" and "num_sids" here.
|
| |
|
|
|
|
| |
"construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
|
| |
|
|
|
| |
Made each type into a separate class to be easily run individually,
removed code duplication
|
| |
|
|
|
|
|
|
|
|
|
| |
host IPv4 address
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
|
| |
|
|
|
|
| |
I changed "uint32_t" to "unsigned int" since the LDB specification prescrives
"unsigned (int)" for counter variables (number of attributes,
number of values...).
|
| |
|
|
|
|
| |
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
|
| |
|
|
|
|
| |
Previous commit was incomplete. The "service" parameter in the "tcon" structure
should point to "scfg->name". I'm not sure if "share" is right but the first
was used before commit f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
|
| |
|
|
|
| |
This should be the right fix (set the service name in the tcon union to the
share name/path). That should be the solution for bug #6784.
|
| |
|
|
|
| |
"QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal
ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
universal groups
Find the "Enterprise Admins" group which does exist on s4 and Windows
directories and is always per default universal. Test this only when the target
is set to s4 (s3 deployments don't contain this group). If the number of
returned objects is "0" (count) then we are likely testing the builtin domain of
an AD deployment.Then we ignore the inexistent "Enterprise Admins" group.
I didn't enhance the test for "QueryDomainInfo" since this does itself a
comparison of all returned objects with the "EnumDomainGroups" call. Therefore
if the latter passes, and the "QueryDomainInfo" test passes also the
"QueryDomainInfo" call is okay regarding groups.
|
| | |
|
| |
|
|
|
| |
We need to look for both global and universal group types when querying them.
Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
|
| | |
|
| |
|
|
| |
Otherwise we can lose debug output when a timeout happens
|
| |
|
|
|
|
|
|
|
| |
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Michael
|
| |
|
|
|
|
|
|
|
|
| |
Actually ildb_context pointer is not supposed to be
valid after calling ildb_request_done().
This is due to the fact that when calling ildb_request_done()
caller will (most probably) free any locally built
ldap_request objects - thus rendering ildb_context invalid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
|
| |
In samba3 it is not an error when no users are returned in getpwent() calls
(e.g. on a DC w/o interdomain trusts).
Kai, please check.
Guenther
|
| |
|
|
|
|
|
|
|
| |
"i" needs to be unsigned on both places since it counts till a "count" variable
of a "struct ldb_result" object which itself is unsigned.
I see counting variables much better as "unsigned" since in most cases we don't
use negative values at all. We've only to be careful on binary searches and
downto counts regarding them.
|
| |
|
|
|
| |
"i" needs to be unsigned here since it counts until "r->in.len" which itself is
unsigned and not signed.
|
| |
|
|
|
|
| |
init().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
| |
LDB_CONTROL_AS_SYSTEM_OID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
| |
This is needed since this particular "i" counts until "count" which itself is
signed. "count" is set through a signed integer variable parameter from the
"share_list_all" call.
|
| |
|
|
|
|
| |
rpc over ncacn_np
metze
|
| |
|
|
| |
metze
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If we got a failure from one request we bail out early.
metze
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
