| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
called from multiple places now (krb5, winbindd auth and domain_client_validate()
|
| | |
| |
| |
| |
| |
| | |
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
krb5_rd_req could decrypt the ticket but that ticket is just not valid
at the moment (either not yet valid or already expired). (This also
prevents an MIT kerberos related crash)
Guenther
|
| | |
| |
| |
| |
| | |
on the particular file we are performing I/O on, irrespective of whether
the write cache is globally enabled
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
metze
|
| | |
| |
| |
| | |
a AC variable)
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| | |
supported.
Is there a better way to check for the 0x1c010002 status code?
Guenther
|
| | |
| |
| |
| |
| |
| | |
I'm disabling it for now until we have en effective
means of dealing with the ticket request flags for users
and computers.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
environment.
Guenther
|
| | |
| |
| |
| |
| |
| | |
offline logons work again with NT4 and older Samba3 DCs.
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| | |
policies when requested.
No panic, the flags is uint32 so we are not running out of WBFLAG bits.
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| | |
failed with a clear error indication. This prevents the bad logon count
beeing increased on the DC.
Guenther
|
| | |
| |
| |
| |
| | |
but make the intent clearer.
Jeremy.
|
| | |
| |
| |
| | |
client sends a NULL RPC_BUFFER*
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| | |
and want to just shutdown and exit.
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| | |
printing purposes.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
|
| | |
| |
| |
| |
| |
| |
| | |
Jeremy.
-----------------------------
fixed an hmac-md5 error for keys longer than 64 (using deallocated
stack variable)
|
| | |
| |
| |
| | |
* Fix sprintf() args when createing the group search filter.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.
* add substr matching rule to OpenLDAP schema
(we need to update the other schema as will since this
is a pretty important change). Sites will need to
- install the new schema
- add 'indea sambaSID sub' to slapd.conf
- run slapindex
* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
|
| | |
| |
| |
| |
| | |
in the switch statement which matched the schannel type
against the account type.
|
| | | |
|
| | |
| |
| |
| | |
* Fix inverted logic check for machine accounts in get_md4pw()
|
| | |
| |
| |
| |
| |
| | |
we now check wheter the sec_channel_type matches the trust account type.
Guenther
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Automatically creates the BUILTIN\Users group similar to
how BUILTIN\Administrators is done. This code does need to
be cleaned up considerably. I'll continue to work on this.
* The important fix is for getusergroups() when dealing with a
local user and nested groups. Now I can run the following
successfully:
$ su - jerry -c groups
users BUILTIN\users
|
| | |
| |
| |
| |
| | |
implicit function contract explicit.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| | |
marshall a buffer based on an unknown size. Zero out the sec_desc
buffer to prevent this. This is still not getting proper results for
a registry security descriptor (everything gets ACCESS DENIED), but
at least we aren't blowing out memory now...
|
| | |
| |
| |
| |
| | |
should be done correctly. Fix coverity #37.
Jeremy.
|
| | |
| |
| |
| |
| | |
(variable definition was missing).
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
