Age | Commit message (Collapse) | Author | Files | Lines |
|
This fixes up the change of the primary group of a user when using the ADUC
console:
- When the "primaryGroupId" attribute changes, we have to delete the
"member"/"memberOf" attribute reference of the new primary group and add one
for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot
have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a
user account.
- We cannot add a secondary reference ("member" attribute) when the group has
been chosen as primary one.
This also removes the LDB templates which are basically overhead now.
This should also fix bug #6599.
|
|
We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
|
|
"samldb" changes
The "provision_users.ldif" file needs some rework to pass against the changed
and improved "samldb" module (see next commit).
|
|
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed
from sys_read() to sys_recv(). read_socket_with_timeout() is called
with non-fd's (with a pty in chgpasswd.c and with a disk file in
lib/dbwrap_file.c via read_data()). recv works for the disk file,
but not the pty. Change the name of read_socket_with_timeout() to
read_fd_with_timeout() to make this clear (and add comments).
Jeremy.
|
|
|
|
this is needed for the _msdcs zone
|
|
This file is no longer needed as the DisplaySpecifiers are now generated from
files provided by Microsoft.
|
|
|
|
Changed the provisioning to use the new script to parse the Microsoft-provided
DisplaySpecifiers LDIF file.
|
|
Created this script based on the existing ms_schema.py script.
- Removed some unnecessary transformations that are only necessary for schema
processing.
- Added capability to parse and properly output base64-encoded values.
- Removed unnecessary attributes based on what attributes were present (and also
what were explicitly removed) from display_specifiers.ldif.
|
|
The original license headers provided by Microsoft cannot be parsed as valid
LDIF.
Changed the license headers to be valid LDIF comments, and added a new header
section detailing the exact changes that were made to the original document.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Like the schema, these are provided under the licence at the head of
the file, which is not the GPL, but allows us to distribute them with
Samba.
Andrew Bartlett
|
|
This is a perl script that does TSIG-GSS DNS updates against a AD
DC. The bind 9.5 nsupdate still doesn't seem to work with TSIG-GSS,
and we need a way to do DNS updates when we vampire a domain, so I
revived this ancient perl script and added a wrapper script that can
update DNS entries using our machine account credentials
|
|
on a vampire join we were not putting the right attributes and
objectclass on the secrets.ldb record
|
|
|
|
|
|
|
|
|
|
|
|
This might help finding why bug 6518 happens
|
|
|
|
|
|
|
|
|
|
We can't emulate them through the LDB changetype flags since they haven't the
same constants! The previous behaviour led to huge problems.
|
|
|
|
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform
write operations on them (look below in the code) we could get SIGSEGVs!
|
|
|
|
Enhances the outputs in autogen.sh for both s3 and s4.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If somethign bad happens we also need to kill the
inotify watch because the filedescriptor will return out of sync structures if
we read only part of the data.
|
|
|
|
|
|
|
|
|
|
This confused me for a second, this should not happen a second time :-)
|
|
All:
Please find attached a patch to fix the timestring and http_timestring
tests on hosts that have a negative UTC offset (west of the Prime Meridian).
Sincerely,
Andrew Kroeger
>From 8a8ca35edccf64aa98f2f3ae1469c4c27db8215e Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew@id10ts.net>
Date: Fri, 4 Sep 2009 01:31:50 -0500
Subject: [PATCH] util:tests: Correct time tests for negative UTC offsets.
The timestring and http_timestring tests were failing on hosts with negative
offsets from UTC. Due to the timezone offset, the returned values were back in
the year 1969 (before the epoch) and did not match the test patterns.
The correction computes the offset from UTC, and if it is negative that offset
is added onto the value given to the timestring() and http_timestring() calls so
that the returned values fall on 01-Jan-1970 and match the test pattern.
|
|
All:
Please find attached 2 patches to correct date/time parsing and output
in the Subunit processing. The first patch corrects the logic to
account for months being 0-based. The second corrects the time
formatting, as it is dealing with local, not "Z"ulu (UTC) time.
Sincerely,
Andrew Kroeger
>From 3cf81eea1309084a973359c7f6a2375d5d20a3f0 Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew@id10ts.net>
Date: Fri, 4 Sep 2009 01:24:00 -0500
Subject: [PATCH] selftest: Account for 0-based months in date parsing and printing.
|
|
|
|
metze
|
|
metze
|
|
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
The version of the unitest python module in Ubuntu Jaunty doesn't seem
to support this many level of subdirectories. Moving the tests up one
level solves the problem.
|
|
When a top level method in a module returns an error, it is supposed
to call ldb_module_done(). We ran across a case where this wasn't
done, and then found that in fact that are hundreds of similar cases
in our modules. It took Andrew and I a full day to work out that this
was the cause of a subtle segv in another part of the code.
To try to prevent this happening again, this patch changes
ldb_next_request() to catch the error by checking if a module
returning an error has called ldb_module_done(). If it hasn't then the
call is made on behalf of the module.
|
|
|
|
|
|
|
|
When we fail a ldbadd or ldbedit we should cancel the transaction to
prevent ldb giving a warning about having a open transaction in the
ldb destructor
|
|
|
|
When we get a double free abort from talloc it is often hard to work
out where the first free came from. This patch takes advantage of the
fact that _talloc_free() now takes a location the free was called from
to allow the double free abort code to print the location of the first
free that conflicts.
|
|
Kai, please check.
Guenther
|