Age | Commit message (Collapse) | Author | Files | Lines |
|
restriction on the maximum returned size. There isn't a good reason
to have a limit on this one.
Andrew Bartlett
(This used to be commit 9a8315019e20f736c6977451c1d1f1f3fcba16f2)
|
|
We need to set the access_mask and the domain name, or else libnet
will try to do this itself.
This seems to fix the issues Kai was having.
Andrew Bartlett
(This used to be commit 44c193272b05959c756ee0078d666bcdf1374023)
|
|
Apologies for my previous commit, which should never have been
commited untested.
Andrew Bartlett
(This used to be commit ec69f41d093df598cb3969be0efdd6b8b804d423)
|
|
the helper functions instead (and in kai's new code, which just copied
the previous bad practice).
Andrew Bartlett
(This used to be commit 0908d8232e8621e5c7bce74b19e5d1e75fc115ab)
|
|
(This used to be commit a6a45ab9706961ea2a9a7451d9a38cb8dea7baf2)
|
|
can be
used for a name2domain call.
(This used to be commit 75e41da039e10127820635500e185e24ea55c777)
|
|
create the user in the first place.
Andrew Bartlett
(This used to be commit db0f81734d39b228dbfcf53b911edf83a2a2fd8c)
|
|
allow the server side to enumerate all domain controllers and domain
members...
Andrew Bartlett
(This used to be commit d42150ff0a05e891d36d1d3f1ec93952e6d4affd)
|
|
Andrew Bartlett
(This used to be commit 3e332ff77120003da2a23df8e0d30a330847f0f1)
|
|
SAMR. This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.
As noted in bug #4829.
Andrew Bartlett
(This used to be commit 3bfa6dbf7ded06df78310f7bd39d8a8d4edbb4ef)
|
|
on this error code, but allow both for now).
Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template. I think this fix needs to be in the
SAMR server.
Andrew Bartlett
(This used to be commit c3554e3ee79cdb15f05e7968ccde62c086748c80)
|
|
the backend data (effectivly closing the handle) when we close an IPC
FD.
This should fix #4821.
Andrew Bartlett
(This used to be commit efaf91b9d53c1d9b882c53e069e8e7c15394e0f3)
|
|
RPC-SAMLOGON test.
This showed that, as noted by bug #4823, we didn't test for invalid
workstations. In fact, the code had been ported across, but because
untested code is broken code, it never worked...
Andrew Bartlett
(This used to be commit 5e07417ada56d189a911ef888b0c87adebe60763)
|
|
the logon hours, even if set.
This code happily stolen from the great work in Samba3 :-)
Andrew Bartlett
(This used to be commit a4939ab629e0af0615bcecf63c7cd55e6e833505)
|
|
include the attribute allowedChildClassesEffective for MMC to allow
the creation of containers.
This may need further refinement, but it seems to work for now.
Andrew Bartlett
(This used to be commit d053b8e218767cb12e20a00fb18995e30869db11)
|
|
Any SAMR client (usrmgr.exe in this case) that attempted to set a
property to a zero length string found instead the the old value was
kept.
In fixing this, rework the macros to be cleaner (add the
always-present .string) to every macro, and remove the use of the
samdb_modify() and samdb_replace() wrappers where possible.
Andrew Bartlett
(This used to be commit b05fe693047c09b85c7fc0e1ea8d931c99910375)
|
|
(This used to be commit b3473db397476d05e7ffca50a5f7a9b65e0a5b4a)
|
|
Should fix another part (list of domains in usrmgr incorrectly
including accounts) of bug #4815 by mwallnoefer@yahoo.de.
Andrew Bartlett
(This used to be commit 7f7e4fe2989ef4cb7ec0f855b25e558f3bbd18c5)
|
|
- The icons in usermgr were incorrect, because the acct_flags were
not filled in (due to missing attribute in ldb query)
- The Full name was missing, and the description used as the full
name (due to missing attributes in ldb query and incorrect IDL)
To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.
This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...
Getting this right is important, because Samba3's RPC winbind methods
uses these queries.
Andrew Bartlett
(This used to be commit 9475d94a61e36b3507e5fd2e6bb6f0667db4a607)
|
|
convention change.
rafal
(This used to be commit 6ab10b2ed256fa3c55d1af8ddcc9dfdaf4598a1e)
|
|
<zack.kirsch@isilon.com>
(This used to be commit b1148b7ab84a18d4fea771c887ed7d535841982b)
|
|
Andrew Bartlett
(This used to be commit 68bdbd732fc02ce5a8ef8eb0107459ff3b7eb723)
|
|
Andrew Bartlett
(This used to be commit e6ccdb6cea267b992d1b586757f0b84afbc5e45f)
|
|
Andrew Bartlett
(This used to be commit 51862c4c5299da02d3d781b3e9255823bc9b59af)
|
|
We now setup a libnet_ctx for each domain. We should then be able to
replace/merge some more of the winbind code with libnet calls,
referencing domain->libnet_ctx.
Andrew Bartlett
(This used to be commit bad2dc14d704be59300f619c84694c11620559e0)
|
|
cannot vampire, provision or upgrade a Samba4 server via SWAT.
(The previous commit was an accident, and not complete).
This should get Samba4 closer to being 'secure' for an alpha release.
Andrew Bartlett
(This used to be commit 3b6695de36bcea8a76001c9a5585eac871646450)
|
|
is that when we all ldb_msg_add_empty(), we might realloc() the
msg->elements array. We need to ensure the source pointer (when
copying an element from the same msg) is still valid, or the data
copied.
Andrew Bartlett
(This used to be commit 0fbea30577233d00e7c6cdd4faaece0f99fc57b1)
|
|
Should fix bug #4804.
Andrew Bartlett
(This used to be commit 848336dc617b72d189fe82e10c0b08a518d6d073)
|
|
Michael
(This used to be commit b97acdc67b1a55529e69bb7b2b78a317a34b1eba)
|
|
error condition to write. This is in tdb_new_database.
Fix one call to tdb_new_database in tdb_open_ex to not
overwrite the newly propagated errno (typically ENOSPC).
Michael
(This used to be commit eb524df0a52783de6c94a11b44f268e0f26fbb2c)
|
|
Add TDB_VOLATILE as open_flag to activate the per-hashchain dead record
optimization.
(This used to be commit 868cdb1781fe94afbc1658e72bf06de20193bcd7)
|
|
* prevent infinite loops due to 0 bytes written:
try once more. if we still get 0 as return,
set errno to ENOSPC and return -1 (error)
* replace int by correct types (ssize_t and size_t).
* print a warning log message in case "written < requested to write"
usually this means, that the next call to pwrite will fail
with return value -1 and set errno accordingly.
Note that the former error condition "written != requested to write"
is not a correct error condition of write/pwrite. If this is due
to an error, a subsequent call to (p)write will reveal the cause
(typically "no space left on device" - ENOSPC).
Michael
(This used to be commit 7f415d12239fc67eb2c7894c6359b9507fe122c6)
|
|
The proper error condition is (ret == -1) instead of
(ret != number_of_byte_told_to_write).
Michael
(This used to be commit 4c3c6363f860ec01d3c789ef8ee2aa3eb77000dc)
|
|
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages. *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.
I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.
Andrew Bartlett
(This used to be commit d61061052dc4711f886199e49bc303002c8f9b11)
|
|
Andrew Bartlett
(This used to be commit 4fab53432a3599cf62a7ebef977bc33ef5a5f734)
|
|
consistantly report errors. (Some were being lost due to the "echo
foo | cmd" calling convention).
Andrew Bartlett
(This used to be commit d0a994d0ce7b1d4a33bbca5348c2da868401971f)
|
|
On machines with a 4 byte int, and a 8 byte pointer, the ESP could would fail.
The problem is that 0 != NULL. 0 is an int (4 bytes) and NULL is a
pointer (8), and this matters critically to varargs functions.
If a 0 was passed as the 'terminating' argument, then only 4 bytes
would be written to the stack, but va_arg(ap, char *) would try and
pull 8, reading uninitalised memory.
Andrew Bartlett
(This used to be commit 72ca8e3b2a45179b731790e6329b978b22ac1ec0)
|
|
printing it.
Andrew Bartlett
(This used to be commit 18d2680f357cef68e0e9714ce5404be70759d2ad)
|
|
laptop for a while.
rafal
(This used to be commit c257363adbc2e8ab577bb86a5b4dbef3caf802ef)
|
|
Michael
(This used to be commit dc0104be9acfcd97f95388029a421204723b641a)
|
|
(This used to be commit bf7774360bbcf557e3cbc4ef0c45f750b4ba89c3)
|
|
compared with a shell-escape (\).
Fixes bug #4765
Andrew Bartlett
(This used to be commit 417e0ef87fdf8ea69c66089485bd4e0f7b4ca495)
|
|
Before the provisioning enters to the function provision_default_paths (in
scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set
(for example for the filename of the DNS zonefile).
Andrew Bartlett
(This used to be commit 07a9db1438df93442c5b50b1b97ca69662749608)
|
|
; here...
(We don't want to make a distclean of the main user tree, just because
they don't have the parent directory checked out).
Andrew Bartlett
(This used to be commit 70bf6936850dede51d085a1f1f22f43b98823ff2)
|
|
regenerate lex.c files with flex 2.5.33
this makes sure we include config.h as first header
hopefully fixes the build on SerNet-aix
abartlet: please don't revert that again with your next
heimdal merge...:-)
metze
(This used to be commit 8da4e9a9ac0fb09a7b84de87e1671a8689e20fcb)
|
|
Add a test for wbinfo -a to test_member.sh
Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to
use the same SamLogon code as auth_winbind uses.
In my previous code, we did not bind to the LSA and SAMR pipes, before
attempting operations. We now do this (how we passed any tests before
is beyond me).
This required some rework, particularly to make it easier to setup
secondary connections. The new rpc_secondary_auth_connection()
function also performs the bind.
The dcerpc_connect.c file was getting to big, so things have been
merged into dcerpc_secondary.c.
Andrew Bartlett
(This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
|
|
make in autogen.sh.
Andrew Bartlett
(This used to be commit f47e5f716137b08380b17fdd95d2f454f53d6ce6)
|
|
are a DC.
Next step is to make it work...
Andrew Bartlett
(This used to be commit a1b6c9ecb9a6f17bcbabf81a8128398df6447490)
|
|
tests_all.sh yet.
(This used to be commit f45ae8a878c3d34ea2e4e1c7770e57cd96fa845b)
|
|
On default Active Directory installations, the NETLOGON share isn't
an indipendent directory. In fact it's mapped to the subdirectory
"scripts" from the share SYSVOL under <Domain name>.
Andrew Bartlett
(This used to be commit 923d67ea9d78da46235221375b49b6f1d0d6a862)
|