| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
creds under all circumstances. This may be wrong, but
at least we're now consistent.
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
for the creds store. This should fix the problems
Jerry reported (but I have still to run tests :-).
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
code relied upon file permissions alone. Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this more but it gets around the primary group issue.
* don't map a SID to a name from the group mapping code if
the map doesn't have a valid gid. This is only an issue
in a tdb setup
* Always allow S-1-$DOMAIN-513 to resolve (just like Windows)
* if we cannot resolve a users primary GID to a SID, then set
it to S-1-$DOMAIN-513
* Ignore the primary group SID inside pdb_enum_group_memberships().
Only look at the Unix group membersip.
Jeremy, this fixes a fresh install startup for smbd as far as my tests
are concerned.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
blocks. This fixes the problem I had with missing groups in the
net_samlogon() reply from a Samba PDC.
|
| | |
| |
| |
| |
| |
| |
| | |
Bartlett's
Samba4 code.
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
key and delete records that are old. We will need this
for the full 16 byte session key support.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
a node status on all IP's when requested.
Jeremy.
|
| | |
| |
| |
| | |
width again.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
time in the code.
Even if we now have an additional if statement after the free I prefer
this solution in opposite to the duplicated code we had before.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes bug #1386.
The initial changes had been made by Carsten Höger <choeger at
open-xhange dot com> for Samba 2.2 while being at SuSE. *sigh*
To not duplicate code from smbpasswd in pdbedit stdin_new_passwd() and
get_pass() are moved from smbpasswd to utils/passwd_util.c.
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
I mean it this time :-).
Jeremy.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
* enable privileges = yes
* enable asu support = no
Remove unused function after the tdbsam rewrite.
|
| | |
| |
| |
| |
| |
| |
| | |
on the tdb file. This allow recusive calls to succeed
without complaining about failed opens since a tdb can
only be opened once per process. We probably still need to backport
the transaction support from Samba 4 here though.
|
| | |
| |
| |
| |
| |
| | |
Make sure to associate the DOMAIN dispinfo cache
with a User/Group SAMR handle (not the SID of the user or group).
Ensure that enumeration after deleting a user works.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
running. More generic error return cleanup in libsmb/
needs doing (everything returning NTSTATUS not BOOL).
Jeremy
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Volker
|
| | |
| |
| |
| |
| |
| | |
error.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
|
| | |
| |
| |
| |
| | |
with < 0.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
set to avoid unnecessary polling.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
-----------------------------------
Thanks to a report from VL:
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
-----------------------------------
With more 'try all options' testing, I found this 'simple' but in the
NTLM2 signing code.
Andrew Bartlett
-----------------------------------
After Volker's advise, try every combination of parameters. This
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
-----------------------------------
We should now try retesting with NT4. This should be standalone
enough to port into a SAMBA_3_0_RELEASE branch fix.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
previous 2 changes
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
