| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
| |
* fail on invalid credential flags in pam_sm_setcred
* parse config file for pam_sm_acct_mgmt and pam_sm_open_session
Guenther
|
| |
|
|
|
| |
only do it for our primary domain.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure we route all request to remote DCs via the main process
so that IDMAP can correctly reuse DC connections and use the
async interface.
This fixes also idmap_nss so that it is able to resolve local
group names (requires patch on the samba dc earlier committed
to SAMBA_3_0 to make it resolve both the mapped and the unmapped
name).
Simo.
|
| | |
|
| |
|
|
|
|
|
| |
Jeremy: sidstr formerly could be NULL (when num_aliases was 0), since we
strdup here it needs to exist.
Guenther
|
| |
|
|
|
|
|
| |
This gives much nicer error messages when failing to join due to clock
skew.
Guenther
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
still needs to contact the DC's for non async requests
like enumerate users/groups etc. Now that online
DC detection is tied to async events we must enable
the processing of events in the main loop of winbindd.
Finally got rid of the last hard coded domain->initialized = 1
code in init_child_recv() - now all domain->initialized = True
gets done only in the connection manager code when either
we're online and have spoken to the DC or are offline and
we know we can't talk to the DC.
Jeremy.
|
| |
|
|
| |
more no previous prototype warnings
|
| |
|
|
| |
get rid of previous prototype warnings
|
| | |
|
| |
|
|
| |
clean up a bunch of no previous prototype warnings
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This fixes pam password changes in the online case.
Guenther
|
| |
|
|
|
|
|
|
|
|
|
| |
code paths
ncreate does. This is a bit slower (about 10-20%), because it goes touches the
share mode db, but I think not having to call change_owner_to_parent and
friends in fewer places outweighs this. And, mkdir is not the way current
Windows boxes create directories, they do it via the ncreate call.
Volker
|
| |
|
|
| |
ther way.
|
| |
|
|
|
|
|
|
| |
don't have a check online event handler set.
We need to add one once we're been asked to
go back online as this is the only way to actually
go into the online state. Doh ! :-).
Jeremy.
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
get rid of warning: value computed is not used
|
| |
|
|
| |
get rid of more nested extern declarations warnings
|
| | |
|
| | |
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
| |
is set.
Guenther
|
| |
|
|
|
|
| |
(e.g. to get the debug flag)
Guenther
|
| |
|
|
|
| |
send_smb failures should be clean exits. All times when we exit as
a matter of policy should also be clean exits.
|
| | |
|
| |
|
|
|
|
|
|
| |
look at
errno, all go straight to ERROR_NT(status).
Volker
|
| |
|
|
|
|
|
|
| |
change_owner_to_parent
a bit closer together: Move the lp_inherit_perms() check into the callers.
Volker
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
automatic
conversion, but not when we pass pointers down to other functions.
Simo, please check.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A reversed check made it impossile to fallback to the Unix Domain mapping code.
Also fix a potential use of a freed array.
Jerry,
my tests shows that this code now correctly handle the fallback to Unix Domain
when our Domain member is asked for a mapped group that has a unix name different
from the Windows name against a Samba DC and we do not use winbindd but share
users/groups by other means (ldap / sync of passwd and group files)
Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID
is asked for, in the case the unixgroup name is mapped to a different name.
IE: DOMAIN\Domain Admins -> ntadmins
Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID
If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to
return the Domain admins SID in this case too.
Comments are welcome on this point!
Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle.
Simo.
|
| |
|
|
|
|
|
|
|
| |
I think "anonimous" is correctly spelled "anonymous". The Solaris compile is
referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check.
Thanks,
Volker
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
but always use a talloc context.
Thanks to simo for pointing this out.
Jeremy.
|
| |
|
|
|
|
| |
being talloc'ed off the NULL context instead
of being malloced.
Jeremy.
|
| |
|
|
|
|
| |
child->mem_ctx isn't actually used for
anything, so remove it.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- make most static functions inline
- handle NULL pointers in talloc_parent_chunk()
- use talloc_parent_chunk() in talloc_parent_name()
to fix a bug found by the IBM checker
metze
|
| |
|
|
|
|
|
|
| |
response_extra_sent() expects to free a malloced
extra_data.data while the add_XX_to_array functions all return talloced
memory now. Jeremy, please check.
Guenther
|
