| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
'pdbedit -L -w'
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
|
|
| |
so that
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
|
| | |
|
| |
|
|
| |
for the hint.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Add necessary fixes.
|
| |
|
|
| |
Simo.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
| |
Allow smbd to use winbindd to lookup uids/gids outside the
idmap range if 'winbind trusted domains only = yes'
|
| |
|
|
| |
winbindd and fail to disable the _NO_WINBIND environment.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
|
| |
|
|
|
|
|
| |
calculated based on the last change time, policies, and acb flags.
Next step will be to not bother storing them. Right now I'm just trying to
get them reported correctly.
|
| |
|
|
|
|
|
|
|
| |
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
|
| |
|
|
| |
to ensure it finds the Unix user.
|
| | |
|
| | |
|
| |
|
|
|
| |
pairs. Should fix bug #4097.
Jeremy.
|
| |
|
|
|
|
|
|
| |
Remove the account_policy_migrated() thingy, and make cache_account_policy_set
use gencache. Account policies are now handled like groups and users are with
respect to "passdb backend".
Volker
|
| |
|
|
|
|
|
|
|
|
|
| |
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
|
| |
|
|
| |
SID<->uid/gid cache. FIxes a bug in token creation
|
| |
|
|
|
|
| |
Destructors now take a pointer to the "real" destroyed object as an argument.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
casing too I
think. This broke 'make test' because the newly created user was set to be
kicked off Mi, 22 Jan 1975 23:55:33 CET (unix time 159663333) with the
setuserinfo21 call.
I'm not 100% sure that 0x7ff... means max time as I do it here, I vaguely
remember it to mean "don't touch".
Does anybody know that for sure?
Jeremy, please check this.
Thanks,
Volker
|
| |
|
|
|
|
|
|
|
| |
the this should be necessary. If there is still a bug,
I believe that setting thr group RID from the passdb is
masking it. Not fixing it. It is very likely that
the change was necessary before but is no longer
with the recent changes. But I'm not taking the chance
of merging it to 3.0.23c. :-)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The would have been primaryly used when adding a user to
an smbpasswd file, but could have been introduce to other
backends by using pdbedit -i -e.
The symptom was
[2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276)
init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99,
which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280.
Failing operation.
|
| | |
|
| |
|
|
| |
(I hate username level)
|
| |
|
|
| |
when using smbpasswd
|
| |
|
|
|
|
| |
do_file_lock static to pdb_smbpasswd.c, the only user of it.
Volker
|
| | |
|
| |
|
|
|
|
|
|
| |
independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.
Volker
|
| |
|
|
|
|
|
|
| |
seemed a
bit pointless to me.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
|
| |
|
|
|
|
| |
argument.
Volker
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
lookup_name_smbconf, otherwise
force user = domain+administrator
can not work. Also attempt to fix the 'valid users = domain+group' bug at the
same time.
Volker
|
| |
|
|
|
|
| |
With lp_workgroup we end up with remote names again...
Volker
|
| | |
|
| |
|
|
|
|
|
|
|
| |
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
|
| |
|
|
| |
Allow multiple LDAP URIs to be grouped by ""
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Make sure to lower case all usernames before
calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
when trying to verify the account's existence.
|
| | |
|
