| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
3.2.0pre1
|
| | |
|
| |
|
|
|
|
| |
These red bars in vi really hurt my eyes... :-o
Michael
|
| |
|
|
|
|
| |
Further reformat get_trust_pw to conform to coding rules.
Michael
|
| |
|
|
|
|
|
| |
Replace smb_register_idle_event() with event_add_timed(). This fixes winbind
which did not run the idle events to drop ldap connections.
Volker
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
"N" is not a valid format entry for ber_printf, should be "n"
Jeremy.
|
| |
|
|
|
|
| |
only query transitive forest trusts.
Guenther
|
| |
|
|
|
| |
Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
|
| |
|
|
|
|
|
|
|
|
| |
Send access to the trusted domain passwords through the pdb backend.
I did not yet find the time to implement the next step: trusted
domain passwords support in pdb_ldap. But at I wanted to have the
infrastructure available at least.
Michael
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
* Move aclocal.m4 and replace with m4 directory
* Merge VL's require-membership-of changes to winbindd_pam.c
and associated changes to token_util.c
* Fix warnings from tdb_pack/unpack in printing.c
* merge ndr fixes and wkssvc service
* formating merges to decrease the diff between branches
|
| | |
| |
| |
| |
| | |
* strptime() failure check
* make legcacy sid/uid/gid calls static
|
| | |
| |
| |
| | |
Unix name after discussion with Simo.
|
| | | |
|
| | |
| |
| |
| | |
Nothing of major interest. Will fix a few problems with one way trusts.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
|
| | |
| |
| |
| |
| | |
would flood at log level 2. We know when we're using the legacy
mapping code anyways since it will log an informative msg.
|
| | |
| |
| |
| | |
replace all data_blob(NULL, 0) calls.
|
| | |
| |
| |
| |
| |
| | |
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
|
| | |
| |
| |
| | |
sid_check_is_in_our_domain getting out of sync.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
messages.c. Refactor to use become_root() instead and
make it local to messages.c
Jeremy.
|
| | |
| |
| |
| | |
domain to a uid.gid using the idmap_passdb backend.
|
| | |
| |
| |
| |
| |
| | |
and fix all compiler warnings in the users
metze
|
| | |
| |
| |
| |
| |
| |
| |
| | |
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
|
| | |
| |
| |
| |
| |
| | |
to avoid creating the TDB_DATA struct from strings "by hand"
metze
|
| | |
| |
| |
| |
| |
| | |
to avoid creating the TDB_DATA struct from strings "by hand"
metze
|
| | |
| |
| |
| | |
metze
|
| | |
| |
| |
| |
| | |
command. Jerry, Simo, please check.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.
Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
|
| | | |
|
| | |
| |
| |
| | |
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
|
| | |
| |
| |
| |
| |
| | |
transaction. Succeed all or store nothing.
Volker
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
winbind
who did not run the idle events to drop ldap connections.
Volker
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Patch from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
|
| | |
| |
| |
| |
| | |
Coverity finds them :-)
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
|
