Age | Commit message (Collapse) | Author | Files | Lines |
|
It turns out (seen in MS-SAMR 3.1.1.7.1 for example) that the primary
way the krbtgt account is recognised as special is that RID. This
should fix issues such as 'password expired' on the kpasswd service.
Andrew Bartlett
|
|
|
|
The sheer volume of messages generated by tevent when the trace level is set to
10 makes it difficult to debug issues in a level 10 log. Increasing this to
50 allows tevent tracing to be enabled if needed, but otherwise keeps the extra
chatter out of a level 10 log.
|
|
|
|
|
|
for a cleaner and more complete patch that Volker has in the queue :-)
|
|
|
|
|
|
|
|
|
|
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
|
|
metze
|
|
Patch from Steve Langasek with tiny fixes by me to make it apply to master.
Also see Debian bug #434372 and bugzilla #4831.
Calling openlog() or closelog() inside a pam module is not good as these
functions are not stackable and no program won't re-do openlog() just because a
pam module might have called closelog().
|
|
Corrected path to tdr_proto.h and added librpc/gen_ndr/{cli,srv}_dcerpc.[ch].
|
|
Karolin
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
We need to loop over all given dialects and check
if we can find SMB2_DIALECT_REVISION_202.
metze
|
|
Also send them in the order a windows client would
send them (the lowest first).
metze
|
|
metze
|
|
|
|
|
|
Without this entry, opening the COM+ tab under the properties of an OU within
ADUC results in the following error:
"Unable to retrieve all user properties, 0x80072030"
|
|
Without these entries, using the 'Delegate Control' option in ADUC results in
the following error message in the Delegation of Control Wizard:
"The templates could not be applied. One or more of the templates is not
applicable. Click Back and select different templates, and then try again."
|
|
The classDisplayName attribute controls the actual text displayed to the user
for the top-level menus, so added it to the existing entries.
The attributeDisplayNames attribute contains both the text displayed to the
user and a mapping to the internal directory attribute name for the particular
field, so added these to the existing entries as well.
Added new entries as appropriate to properly complete all menus and labels
within ADUC.
|
|
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
|
|
This is required because the deferred connect code skips the connect()
until sending the packet, but unless we catch this call, the connect()
never happens.
Andrew Bartlett
|
|
|
|
This adds 3 simple speed tests to tdbtool, for transaction store,
store and fetch.
On my laptop this shows transactions costing about 10ms
|
|
Michael
|
|
Michael
|
|
Michael
|
|
Attention:
The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos
net rpc commands will now prompt for a password if none is given.
As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.
This should fix bug #6357
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
Michael
|
|
Michael
|
|
One of leaks found by cppcheck:
[./source3/utils/log2pcaphex.c:367]: (error) Resource leak: out
|
|
File descriptor leaks only when we use file instead of stdout.
Found by cppcheck:
[./source3/torture/smbiconv.c:219]: (error) Resource leak: out
[./source4/torture/smbiconv.c:211]: (error) Resource leak: out
|
|
Found by cppcheck:
[./nsswitch/winbind_nss_aix.c:241]: (error) Memory leak: result
|
|
Guenther
|
|
With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).
Michael
|
|
With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).
Michael
|
|
This is now also verified with the RPC-SAMR-LARGE-DC test.
Guenther
|
|
This will fail for alias creation as nss_wrapper does not yet wrap around
libnss_winbind.
Guenther
|
|
This rather simple test creates 4500 objects on a domain controller and checks
the enum calls for the correct number of results.
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|