path: root/source/passdb/passdb.c
Commit message | Author | Age | Files | Lines
* Remove unused function is_trusted_domain_situation(). | Michael Adam | 2008-05-26 | 1 | -6/+0
  This combined check has been replaced by is_dc_trusted_domain_situation() which does not check for lp_allow_trusted_domains().
  Michael
* passdb: check for is_dc_trusted_domain_situation() in get_trust_pw_hash(). | Michael Adam | 2008-05-26 | 1 | -1/+1
  Before fetching legacy password hash, check for trusted domain situation, but also fail if trusted domain support is not enabled.
  Michael
* passdb: add comment explaining logic in get_trust_pw_clear(). | Michael Adam | 2008-05-26 | 1 | -2/+16
  Michael
* passdb: in get_trust_pw_clear() correctly fail if trusted domains not supported | Michael Adam | 2008-05-26 | 1 | -1/+5
  (but trusted domain situation was found)
  This completes the fix for bugs #5425 and #5451 by Steven Danneman, in that now no special cases are left uncovered.
  Michael
* Add function is_dc_trusted_domain_situation(). | Michael Adam | 2008-05-26 | 1 | -3/+7
  This is like is_trusted_domain_situation() except that it does not check for lp_allow_trusted_domains().
  Michael
* Manually port Steven Danneman fix for using the correct machine domain when | Gerald W. Carter | 2008-05-23 | 1 | -3/+3
  looking up trust credentials in our tdb.
  commit fd0ae47046d37ec8297396a2733209c4d999ea91
  Author: Steven Danneman <sdanneman@isilon.com>
  Date: Thu May 8 13:34:49 2008 -0700
  Use machine account and machine password from our domain when contacting trusted domains.
* Use netr_SamInfo3 in remaining places. | Günther Deschner | 2008-02-17 | 1 | -1/+1
  Guenther
* Add get_logon_hours_from_pdb() (inspired by samba4). | Günther Deschner | 2008-02-12 | 1 | -0/+23
  Guenther
* Remove a static | Volker Lendecke | 2008-02-04 | 1 | -4/+1
  I very much doubt that this is called enough to justify a global. If this turns out to be a hot code path, we might reconsider :-)
* Prevent another segfault. | Michael Adam | 2007-12-18 | 1 | -1/+3
  Michael
* Replace sid_string_static by sid_string_dbg in DEBUGs | Volker Lendecke | 2007-12-15 | 1 | -3/+2
* Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks. | Michael Adam | 2007-12-13 | 1 | -2/+1
  Michael
* Rename get_trust_pw() to get_trust_pw_hash(). | Michael Adam | 2007-12-13 | 1 | -2/+2
  Michael
* Export logic of get_trust_pw() to new function get_trust_pw_clear(). | Michael Adam | 2007-12-13 | 1 | -16/+58
  get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb.
  Michael
* Let get_trust_pw() determine the machine_account_name to use. | Michael Adam | 2007-12-13 | 1 | -2/+14
  Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In this situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here!
  Michael
* Remove pstrings from pam_smbpass - make local_password_change | Jeremy Allison | 2007-11-21 | 1 | -25/+26
  return malloced strings.
  Jeremy.
* More pstring elimination. | Jeremy Allison | 2007-11-20 | 1 | -13/+13
  Jeremy.
* Remove smbldap_get_single_pstring() and all pstrings | Jeremy Allison | 2007-11-14 | 1 | -1/+1
  from pdb_ldap.c. I don't have an LDAP passdb setup here, so I'm going to need some help on testing this.
  Jeremy.
* static pstring removal | Volker Lendecke | 2007-11-05 | 1 | -2/+5
* RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 2007-10-18 | 1 | -21/+21
  bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin).
  Jeremy.
* r24990: Kill an incredible amount of trailing whitespaces... | Michael Adam | 2007-10-10 | 1 | -8/+10
  Further reformat get_trust_pw to conform to coding rules.
  Michael
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 2007-10-10 | 1 | -2/+1
* r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 2007-10-10 | 1 | -1/+1
  Jeremy.
* r23192: Remove fallback to looking up group mappings by the | Gerald Carter | 2007-10-10 | 1 | -17/+1
  Unix name after discussion with Simo.
* r23005: If we're running on a system where time_t is 8 bytes | Jeremy Allison | 2007-10-10 | 1 | -16/+16
  we have to take care to preserve the "special" values for Windows of 0x80000000 and 0x7FFFFFFF when casting between time_t and uint32. Add conversion functions (and use them).
  Jeremy.
* r22096: become_root_uid_only() is unneeded - it's only used in | Jeremy Allison | 2007-10-10 | 1 | -4/+4
  messages.c. Refactor to use become_root() instead and make it local to messages.c
  Jeremy.
* r22009: change TDB_DATA from char * to unsigned char * | Stefan Metzmacher | 2007-10-10 | 1 | -2/+2
  and fix all compiler warnings in the users
  metze
* r21954: Someone misused a '!' instead of a '~' for a binary NOT | Jeremy Allison | 2007-10-10 | 1 | -1/+1
  command. Jerry, Simo, please check.
  Jeremy.
* r20985: leave room for terminating NULL when printing password hashes via | Gerald Carter | 2007-10-10 | 1 | -2/+2
  'pdbedit -L -w'
* r20851: To read account policies from LDAP we need root. | Volker Lendecke | 2007-10-10 | 1 | -2/+12
  Volker
* r20824: Send access to the trusted domain passwords through the pdb backend, | Volker Lendecke | 2007-10-10 | 1 | -0/+43
  so that in the next step we can store them in LDAP to be replicated across DCs.
  Thanks to Michael Adam <ma@sernet.de>
  Volker
* r20614: Dummy-checkin to trigger the build | Volker Lendecke | 2007-10-10 | 1 | -4/+5
* r20243: Make lookup_name resolve both the mapped and the real unix group name | Simo Sorce | 2007-10-10 | 1 | -7/+23
* r19058: Implement "user cannot change password", and complete "user must change | Jim McDonough | 2007-10-10 | 1 | -1/+1
  password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc.
* r18271: Big change: | Gerald Carter | 2007-10-10 | 1 | -1/+1
  * autogenerate lsa ndr code
  * rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
  * merge a lot more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0
  The most embarrassing thing is the "#define strlen_m strlen". We need a real implementation in SAMBA_3_0 which I'll work on after this code is in.
* r17924: Get rid of warnings now that talloc is merged. | Volker Lendecke | 2007-10-10 | 1 | -3/+1
  Destructors now take a pointer to the "real" destroyed object as an argument.
  Volker
* r17815: Revert Volker's change in 16014. I really do not believe | Gerald Carter | 2007-10-10 | 1 | -1/+0
  that this should be necessary. If there is still a bug, I believe that setting the group RID from the passdb is masking it. Not fixing it. It is very likely that the change was necessary before but is no longer with the recent changes. But I'm not taking the chance of merging it to 3.0.23c. :-)
* r17813: Remove another instance of manually setting the group SID. | Gerald Carter | 2007-10-10 | 1 | -1/+7
  This would have been primarily used when adding a user to an smbpasswd file, but could have been introduced to other backends by using pdbedit -i -e. The symptom was
  [2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276)
  init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99, which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280. Failing operation.
* r17669: Remove RID algorithm support from unmapped users and groups | Gerald Carter | 2007-10-10 | 1 | -1/+1
  when using smbpasswd
* r17554: Cleanup | Volker Lendecke | 2007-10-10 | 1 | -1/+1
* r17463: A bit of cleanup work: | Volker Lendecke | 2007-10-10 | 1 | -1/+1
  Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own.
  Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early.
  Volker
* r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need | Jeremy Allison | 2007-10-10 | 1 | -9/+11
  to do the upper layer directories but this is what everyone is waiting for....
  Jeremy.
* r16593: Make the invariant explicit to Klocwork. Bug #2023. | Jeremy Allison | 2007-10-10 | 1 | -0/+1
  Jeremy.
* r16241: Fix Klocwork #106 and others like it. | Jeremy Allison | 2007-10-10 | 1 | -25/+16
  Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming.
  Jeremy.
* r16014: Correctly set the group RID in init_sam_from_buffer. | Volker Lendecke | 2007-10-10 | 1 | -0/+1
  BIG THANKS to Tom Bork for reporting that Bug!
  Volker
* r15601: Fix segfaults with 'security=share' and 'guest only = yes' | Volker Lendecke | 2007-10-10 | 1 | -0/+3
  Volker
* r14457: Add a few more special cases for RID 513 in the samr code. | Gerald Carter | 2007-10-10 | 1 | -0/+12
  Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now.
* r13776: Merge in the editposix ldapsam optimization | Simo Sorce | 2007-10-10 | 1 | -1/+1
* r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16. | Günther Deschner | 2007-10-10 | 1 | -24/+25
  * Fix a couple of related parsing issues.
  * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero)
  Guenther
* r13679: Committing the rm_primary_group.patch posted on samba-technical | Gerald Carter | 2007-10-10 | 1 | -251/+125
  * ignore the primary group SID attribute from struct samu*
  * generate the primary group SID strictly from the Unix primary group when dealing with passdb users
  * Fix memory leak in original patch caused by failing to free a talloc *
  * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix()